alpine 3.6
access weakness #241

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

tinyssh/src/tinyssh-20161101/tinyssh-tests/subprocess_authtest.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

     if (unlink("authorized_keys") == -1) fail("unlink() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d2") == -1) fail("rmdir() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d1") == -1) fail("rmdir() failure");
}
static void test_path_dir2_perm3(void) {

    umask(000);
    if (mkdir("d1", 0777) == -1) fail("mkdir() failure");
    if (chdir("d1") == -1) fail("chdir() failure");
    if (mkdir("d2", 0757) == -1) fail("mkdir() failure");
    if (chdir("d2") == -1) fail("chdir() failure");
    if (savesync("authorized_keys", "", 0) == -1) fail("savesync() failure");
    if (subprocess_auth_checkpath_((char *)path, sizeof path, geteuid())) fail("subprocess_auth_checkpath_() failure");
    if (unlink("authorized_keys") == -1) fail("unlink() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d2") == -1) fail("rmdir() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d1") == -1) fail("rmdir() failure");
}

static void test_path_dir3_perm1(void) {

    umask(000);
    if (mkdir("d1", 0777) == -1) fail("mkdir() failure");
    if (chdir("d1") == -1) fail("chdir() failure");
    if (mkdir("d2", 0755) == -1) fail("mkdir() failure");
    if (chdir("d2") == -1) fail("chdir() failure");
    if (savesync("authorized_keys", "", 0) == -1) fail("savesync() failure");
    if (subprocess_auth_checkpath_((char *)path, sizeof path, geteuid())) fail("subprocess_auth_checkpath_() failure");
    if (unlink("authorized_keys") == -1) fail("unlink() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d2") == -1) fail("rmdir() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d1") == -1) fail("rmdir() failure");
}
static void test_path_dir3_perm2(void) {

    umask(000);
    if (mkdir("d1", 0775) == -1) fail("mkdir() failure");
    if (chdir("d1") == -1) fail("chdir() failure");
    if (mkdir("d2", 0755) == -1) fail("mkdir() failure");
    if (chdir("d2") == -1) fail("chdir() failure");
    if (savesync("authorized_keys", "", 0) == -1) fail("savesync() failure");
    if (subprocess_auth_checkpath_((char *)path, sizeof path, geteuid())) fail("subprocess_auth_checkpath_() failure");
    if (unlink("authorized_keys") == -1) fail("unlink() failure");
    if (chdir("..") == -1) fail("chdir() failure");
    if (rmdir("d2") == -1) fail("rmdir() failure");
    if (chdir("..") == -1) fail("chdir() failure"); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.