alpine 3.6
access weakness #160


Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

quagga/src/quagga-1.2.4/pimd/pim_main.c

Context:

The umask(0027) call in the code below is the trigger point of this particular Alpine 3.6 access weakness.

#ifdef PIM_ZCLIENT_DEBUG
"\
-Z, --debug_zclient  Enable zclient debugging\n\
"
#endif

"\
-h, --help           Display this help and exit\n\
\n\
Report bugs to %s\n", progname, PIMD_BUG_ADDRESS);
  }

  exit (status);
}


int main(int argc, char** argv, char** envp) {
  char *p;
  char *vty_addr = NULL;
  int vty_port = -1;
  int daemon_mode = 0;
  char *config_file = NULL;
  char *zebra_sock_path = NULL;
          
  umask(0027);
 
  progname = ((p = strrchr(argv[0], '/')) ? ++p : argv[0]);
 
  zlog_default = openzlog(progname, ZLOG_PIM,
			  LOG_CONS|LOG_NDELAY|LOG_PID, LOG_DAEMON);
     
  /* this while just reads the options */                       
  while (1) {
    int opt;
            
    opt = getopt_long (argc, argv, "df:i:z:A:P:vZh", longopts, 0);
                      
    if (opt == EOF)
      break;
    
    switch (opt) {
    case 0:
      break;
    case 'd':
      daemon_mode = 1;
      break;
    case 'f':
      config_file = optarg;
      break;
    case 'i': 
