Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
access weakness #19

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

dovecot-2.0.9/dovecot-2.0-pigeonhole-0.2.2/src/lib-sievestorage/sieve-storage-save.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 access weakness.

 	path = t_str_new(256);	
	str_append(path, storage->dir);
	str_append(path, "/tmp/");
	prefix_len = str_len(path);

	for (;;) {
		tmp_fname = sieve_generate_tmp_filename(scriptname);
		str_truncate(path, prefix_len);
		str_append(path, tmp_fname);

		/* stat() first to see if it exists. pretty much the only
		   possibility of that happening is if time had moved
		   backwards, but even then it's highly unlikely. */
		if (stat(str_c(path), &st) == 0) {
			/* try another file name */	
		} else if (errno != ENOENT) {
			sieve_storage_set_critical(storage,
				"stat(%s) failed: %m", str_c(path));
			return -1;
		} else {
			/* doesn't exist */
			mode_t old_mask = umask(0777 & ~(storage->file_create_mode));
			fd = open(str_c(path),
				O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, 0777);
			umask(old_mask);

			if (fd != -1 || errno != EEXIST)
				break;
			/* race condition between stat() and open().
				highly unlikely. */
		}
	}

	*fpath_r = str_c(path);
	if (fd == -1) {
		if (ENOSPACE(errno)) {
			sieve_storage_set_error(storage, SIEVE_ERROR_NO_SPACE,
				"Not enough disk space");
		} else {
			sieve_storage_set_critical(storage,
				"open(%s) failed: %m", str_c(path));
		}
	} 

	return fd;
}


static int sieve_storage_script_move(struct sieve_save_context *ctx,
  const char *dst) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.