alpine 3.6
access weakness #112

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

nfdump/src/nfdump-1.6.15/bin/flist.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 	subdir_format = NULL;

	i=0;
	while ( subdir_def[i] != NULL ) {
		if ( i == num )
			break;
		i++;
	}
	if ( subdir_def[i] == NULL ) {
		fprintf(stderr, "No such subdir level %i\n", num);
		return 0;
	}

	subdir_format = subdir_def[i];

    /*
     * The default file mode is a=rwx (0777) with selected permissions
     * removed in accordance with the file mode creation mask.  For
     * intermediate path name components, the mode is the default modified
     * by u+wx so that the subdirectories can always be created.
     */

	// get umask
	mode = umask(0);
	umask(mode);

    mode = 0777 & ~mode;
    dir_mode = mode | S_IWUSR | S_IXUSR;

	return 1;

} // End of InitHierPath

static char *VerifyFileRange(char *path, char *last_file) {
char *p, *q, *r;

	r = strdup(path);
	p = strrchr(r, '/');
	while ( p ) {
		*p = '\0';
	
		q = GuessSubDir(r, last_file);
		if ( q ) {
			free(r);
			return q;
		}
		p = strrchr(r, '/');
	}

	free(r); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.