rhel 7
access weakness #29

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

pmdk-1.5.1/src/examples/libpmemobj/pmemobjfs/pmemobjfs.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 7 access weakness.

  * ioctl the file is unlinked. The actual action is performed after unlinking
 * the file so if the operation was to start a transaction the temporary file
 * won't be unlinked within the transaction.
 */
static int
pmemobjfs_tx_ioctl(const char *dir, int req)
{
	int ret = 0;

	/* append temporary file template to specified path */
	size_t dirlen = strlen(dir);
	size_t tmpllen = strlen(PMEMOBJFS_TMP_TEMPLATE);
	char *path = malloc(dirlen + tmpllen + 1);
	if (!path)
		return -1;

	strncpy(path, dir, dirlen);
	strncat(path, PMEMOBJFS_TMP_TEMPLATE, tmpllen);

	/* create temporary file */
	mode_t prev_umask = umask(S_IRWXG | S_IRWXO);

	int fd = mkstemp(path);

	umask(prev_umask);

	if (fd < 0) {
		perror(path);
		ret = -1;
		goto out_free;
	}

	/* perform specified ioctl command */
	ret = ioctl(fd, req);
	if (ret) {
		perror(path);
		goto out_unlink;
	}

out_unlink:
	/* unlink temporary file */
	ret = unlink(path);
	if (ret)
		perror(path);
	close(fd);
out_free:
	free(path);
	return ret;
}
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.