alpine 3.6
access weakness #188

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mysecureshell/src/mysecureshell-2.00/SftpServer/SftpServer.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 static void reopen_log_file(int signal)
{
	mylog_reopen();
}

void ParseConf(tGlobal *params, int sftpProtocol)
{
	gl_var = params;
	(void) atexit(end_sftp);
	(void) signal(SIGHUP, end_sftp_by_signal);
	(void) signal(SIGINT, end_sftp_by_signal);
	(void) signal(SIGTERM, end_sftp_by_signal);
	(void) signal(SIGUSR1, reopen_log_file);
	(void) signal(SIGUSR2, reopen_log_file);
	if (sftpProtocol > 0)
		cVersion = sftpProtocol;
}

void DoInitUser()
{
	t_info *pw;
	int uid, gid;

	mylog_printf(MYLOG_CONNECTION, "New client [%s] from [%s][%i]", gl_var->user, gl_var->ip, gl_var->portSource);
	umask(000);
	uid = getuid();
	if (gl_var->force_user != NULL)
	{
		if ((pw = mygetpwnam(gl_var->force_user)) != NULL)
			uid = pw->id;
		else
			mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Unable to force user: %s (user unknown)",
					gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_user);
	}
	gid = getgid();
	if (gl_var->force_group != NULL)
	{
		if ((pw = mygetgrnam(gl_var->force_group)) != NULL)
			gid = pw->id;
		else
			mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Unable to force group: %s (group unknown)",
					gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_group);
	}
	if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_CREATE_HOME)
			&& chdir(gl_var->home) == -1 && errno == ENOENT)
	{
		int mode = 0755;

		mode |= gl_var->minimum_rights_directory;
		mode &= gl_var->maximum_rights_directory; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.