alpine 3.6
access weakness #157

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

quagga/src/quagga-1.2.4/nhrpd/nhrp_main.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 	cmd_terminate();
	/* signal_terminate(); */
	zprivs_terminate(&nhrpd_privs);

	debugf(NHRP_DEBUG_COMMON, "Remove pid file.");
	if (pid_file) unlink(pid_file);
	debugf(NHRP_DEBUG_COMMON, "Done.");

	closezlog(zlog_default);

	exit(0);
}

static struct quagga_signal_t sighandlers[] = {
	{ .signal = SIGUSR1, .handler = &nhrp_sigusr1, },
	{ .signal = SIGINT,  .handler = &nhrp_request_stop, },
	{ .signal = SIGTERM, .handler = &nhrp_request_stop, },
};

int main(int argc, char **argv)
{
	const char *progname;

	/* Set umask before anything for security */
	umask(0027);
	progname = basename(argv[0]);
	zlog_default = openzlog(progname, ZLOG_NHRP, LOG_CONS|LOG_NDELAY|LOG_PID, LOG_DAEMON);
	zlog_set_level(NULL, ZLOG_DEST_STDOUT, LOG_WARNING);

	parse_arguments(progname, argc, argv);

	/* Library inits. */
	master = thread_master_create();
	zprivs_init(&nhrpd_privs);
	signal_init(master, array_size(sighandlers), sighandlers);
	cmd_init(1);
	vty_init(master);
	memory_init();
	nhrp_interface_init();
	vrf_init();
	resolver_init();

	/* Run with elevated capabilities, as for all netlink activity
	 * we need privileges anyway. */
	nhrpd_privs.change(ZPRIVS_RAISE);

	netlink_init();
	evmgr_init();
	nhrp_vc_init();
	nhrp_packet_init(); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.