alpine 3.6
access weakness #139

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

xdm/src/xdm-1.1.11/xdm/auth.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

    for (i = 0; i < d->authNum; i++)
    {
	if (auth[i]->name_length == 9 &&
	    memcmp(auth[i]->name, "SUN-DES-1", 9) == 0)
	    continue;
	if (auth[i]->name_length == 14 &&
	    memcmp(auth[i]->name, "MIT-KERBEROS-5", 14) == 0)
	    continue;
	XSetAuthorization (auth[i]->name, (int) auth[i]->name_length,
			   auth[i]->data, (int) auth[i]->data_length);
    }
}

static int
openFiles (char *name, char *new_name, FILE **oldp, FILE **newp)
{
	mode_t	mask;
	int newfd;

	strcpy (new_name, name);
	strcat (new_name, "-n");
	/*
	 * Set safe umask for file creation operations.
	 */
	mask = umask (0077);
	/*
	 * Unlink the authorization file we intend to create, and then open
	 * it with O_CREAT | O_EXCL to avoid race-based symlink attacks.
	 */
	(void) unlink (new_name);
	newfd = open (new_name, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (newfd >= 0)
	    *newp = fdopen (newfd, "w");
	else
	{
	    LogError ("Cannot create file %s: %s\n", new_name,
		      _SysErrorMsg (errno));
	    *newp = NULL;
	}
	/*
	 * There are no more attempts to create files after this point;
	 * restore the original umask.
	 */
	(void) umask (mask);
	if (!*newp) {
		Debug ("can't open new file %s\n", new_name);
		return 0;
	}
	if (!*oldp)
	    *oldp = fopen (name, "r"); 
