alpine 3.6
access weakness #107

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that the developer sets and the system administrator never changes.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

devicemaster-linux/src/devicemaster-linux-7.15/nslinkd.c

Context:

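The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. The highlighting did not survive in this text; going by the warning above, the flagged line is presumably the `umask(0);` call. That call clears the process's file mode creation mask, so the mknod() that follows creates the device node with exactly the bits in `mode`. The excerpt does not show the mask being restored afterwards, so later file creations in the same process would also be unmasked.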

         gid_t  group = def_group;

        sprintf(name, "%s%d", prefix, num);
        // syslog(LOG_INFO, "Device created %s\n", name);
        device = MKDEV(major, num);
        if (lstat(name, &st) == 0) {
                if ((st.st_rdev == device) && S_ISCHR(st.st_mode))
                        return;
#if 0

                syslog(LOG_INFO, "%s has dev %d, mode %o wanted %d",
                       name, st.st_rdev, st.st_mode, device);
#endif
                // device exists, but doesn't have right major/minor numbers,
                // so remember owner/group/mode so we can create new device
                // with same properties as old one except w/ right major/minor.

                mode = st.st_mode & 0777;
                owner = st.st_uid;
                group = st.st_gid;

                (void) unlink(name);
        }

        umask(0);

        if (mknod(name, S_IFCHR | mode, device) < 0) {
                perror(name);
                syslog(LOG_ERR, "Couldn't create device %s: %m", name);
        }
        if (chown(name, owner, group) < 0) {
                perror(name);
                syslog(LOG_ERR, "Couldn't chmod device %s: %m", name);
        }
}

/*
 * This function creates all of the devices
 */
static void create_devices(int ctlfd)
{
        int i, num_ports;
        struct group *grp;
        gid_t tty_group = 0;
        int major, callout_major;
        tBoxPortCount bp;

        num_ports = 0;
        for (i = 0; i < num_box_config; i++)
                num_ports += box_config[i].num_lines; 
