alpine 3.6
access weakness #136

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

xdm/src/xdm-1.1.11/xdm/auth.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 	strcpy (new_name, name);
	strcat (new_name, "-n");
	/*
	 * Set safe umask for file creation operations.
	 */
	mask = umask (0077);
	/*
	 * Unlink the authorization file we intend to create, and then open
	 * it with O_CREAT | O_EXCL to avoid race-based symlink attacks.
	 */
	(void) unlink (new_name);
	newfd = open (new_name, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (newfd >= 0)
	    *newp = fdopen (newfd, "w");
	else
	{
	    LogError ("Cannot create file %s: %s\n", new_name,
		      _SysErrorMsg (errno));
	    *newp = NULL;
	}
	/*
	 * There are no more attempts to create files after this point;
	 * restore the original umask.
	 */
	(void) umask (mask);
	if (!*newp) {
		Debug ("can't open new file %s\n", new_name);
		return 0;
	}
	if (!*oldp)
	    *oldp = fopen (name, "r");
	Debug ("opens succeeded %s %s\n", name, new_name);
	return 1;
}

static int
binaryEqual (char *a, char *b, unsigned short len)
{
	while (len-- > 0)
		if (*a++ != *b++)
			return FALSE;
	return TRUE;
}

static void
dumpBytes (unsigned short len, char *data)
{
	unsigned short	i;

	Debug ("%d: ", len); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.