alpine 3.6
access weakness #128

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mg/src/mg-20140414/dir.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 	else if (path[0] == '\0')
		return (FALSE);

	return (do_makedir(path));
}

int
do_makedir(char *path)
{
	struct stat	 sb;
	int		 finished, ishere;
	mode_t		 dir_mode, mode, oumask;
	char		*slash;

	if ((path = adjustname(path, TRUE)) == NULL)
		return (FALSE);

	/* Remove trailing slashes */
	slash = strrchr(path, '\0');
	while (--slash > path && *slash == '/')
		*slash = '\0';

	slash = path;

	oumask = umask(0);
	mode = 0777 & ~oumask;
	dir_mode = mode | S_IWUSR | S_IXUSR;

	for (;;) {
		slash += strspn(slash, "/");
		slash += strcspn(slash, "/");

		finished = (*slash == '\0');
		*slash = '\0';

		ishere = !stat(path, &sb);
		if (finished && ishere) {
			dobeep();
			ewprintf("Cannot create directory %s: file exists",
			     path);
			return(FALSE);
		} else if (!finished && ishere && S_ISDIR(sb.st_mode)) {
			*slash = '/';
			continue;
		}

		if (mkdir(path, finished ? mode : dir_mode) == 0) {
			if (mode > 0777 && chmod(path, mode) < 0) {
				umask(oumask);
				return (ABORT); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.