alpine 3.6
access weakness #156

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

quagga/src/quagga-1.2.4/lib/vty.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

   serv.sun_family = AF_UNIX;
  strncpy (serv.sun_path, path, strlen (path));
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
  len = serv.sun_len = SUN_LEN(&serv);
#else
  len = sizeof (serv.sun_family) + strlen (serv.sun_path);
#endif /* HAVE_STRUCT_SOCKADDR_UN_SUN_LEN */

  ret = bind (sock, (struct sockaddr *) &serv, len);
  if (ret < 0)
    {
      zlog_err("Cannot bind path %s: %s", path, safe_strerror(errno));
      close (sock);	/* Avoid sd leak. */
      return;
    }

  ret = listen (sock, 5);
  if (ret < 0)
    {
      zlog_err("listen(fd %d) failed: %s", sock, safe_strerror(errno));
      close (sock);	/* Avoid sd leak. */
      return;
    }

  umask (old_mask);

  zprivs_get_ids(&ids);
  
  if (ids.gid_vty > 0)
    {
      /* set group of socket */
      if ( chown (path, -1, ids.gid_vty) )
        {
          zlog_err ("vty_serv_un: could chown socket, %s",
                     safe_strerror (errno) );
        }
    }

  vty_event (VTYSH_SERV, sock, NULL);
}

/* #define VTYSH_DEBUG 1 */

static int
vtysh_accept (struct thread *thread)
{
  int accept_sock;
  int sock;
  int client_len;
  struct sockaddr_un client; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.