alpine 3.6
access weakness #212

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mutt/src/mutt-1.10.1/mh.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

   if (check_stats)
  {
    if ((dirp = opendir (mailbox->path)) != NULL)
    {
      while ((de = readdir (dirp)) != NULL)
      {
        if (*de->d_name == '.')
          continue;
        if (mh_valid_message (de->d_name))
          mailbox->msg_count++;
      }
      closedir (dirp);
    }
  }

  return rc;
}

static int mh_mkstemp (CONTEXT * dest, FILE ** fp, char **tgt)
{
  int fd;
  char path[_POSIX_PATH_MAX];
  mode_t omask;

  omask = umask (mh_umask (dest));
  FOREVER
  {
    snprintf (path, _POSIX_PATH_MAX, "%s/.mutt-%s-%d-%d",
	      dest->path, NONULL (Hostname), (int) getpid (), Counter++);
    if ((fd = open (path, O_WRONLY | O_EXCL | O_CREAT, 0666)) == -1)
    {
      if (errno != EEXIST)
      {
	mutt_perror (path);
	umask (omask);
	return -1;
      }
    }
    else
    {
      *tgt = safe_strdup (path);
      break;
    }
  }
  umask (omask);

  if ((*fp = fdopen (fd, "w")) == NULL)
  {
    FREE (tgt);		/* __FREE_CHECKED__ */
    close (fd); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.