Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

sles 15.2
access weakness #36

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mgetty-1.1.37/fax/faxq-helper.c

Context:

The highlighted line of code below is the trigger point of this particular Sles 15.2 access weakness.

     else 
	close(fd);

    return 0;
}

int main( int argc, char ** argv )
{
    struct passwd * pw; 		/* for user name */
    struct stat stb;

    program_name = strrchr( argv[0], '/' );
    if ( program_name != NULL ) program_name++;
		           else program_name = argv[0];

    if ( argc < 2 )
	{ error_and_exit( "keyword missing" ); }

    /* common things to check and prepare */

    /* make sure people do not play umask tricks on us - the only
     * bits that are accepted in a user umask are "044" - permit/prevent 
     * read access by group/other.  Write access is always denied.
     */
    umask( ( umask(0) & 0044 ) | 0022 );

    /* get numeric uid/gid for fax user */
    pw = getpwnam( FAX_OUT_USER );
    if ( pw == NULL )
    {
	eout( "can't get user ID for user '%s', abort!\n", FAX_OUT_USER );
	exit(3);
    }
    fax_out_uid = pw->pw_uid;
    fax_out_gid = pw->pw_gid;

    /* effective user ID is root, real user ID is still the caller's */
    if ( geteuid() != fax_out_uid )
    {
	eout( "must be set-uid '%s'\n", FAX_OUT_USER );
	exit(3);
    }
    real_user_id = getuid();
    pw = getpwuid( real_user_id );
    if ( pw == NULL || pw->pw_name == NULL )
    {
	eout( "you don't exist, go away (uid=%d)!\n", real_user_id );
	exit(3);
    }
    real_user_name = pw->pw_name; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.