alpine 3.6
access weakness #257

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

s6/src/s6-2.5.1.0/src/conn-tools/s6-accessrules-fs-from-cdb.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

     }
    memcpy(name + basedirlen + klen + 2, "exec", 5) ;
    if (execlen && !openwritenclose_unsafe(name, data + 5 + envlen, execlen))
    {
      cleanup() ;
      strerr_diefu2sys(111, "openwritenclose_unsafe ", name) ;
    }
  }
  return 1 ;
}

int main (int argc, char const *const *argv)
{
  struct cdb c = CDB_ZERO ;
  uint32_t kpos ;
  PROG = "s6-accessrules-fs-from-cdb" ;
  if (argc < 3) strerr_dieusage(100, USAGE) ;
  if (cdb_mapfile(&c, argv[2]) < 0) strerr_diefu1sys(111, "cdb_mapfile") ;
  basedir = argv[1] ;
  basedirlen = strlen(argv[1]) ;
  {
    mode_t m = umask(0) ;
    if (mkdir(basedir, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH | S_ISGID) < 0)
      strerr_diefu2sys(111, "mkdir ", basedir) ;
    umask(m) ;
  }
  cdb_traverse_init(&c, &kpos) ;
  for (;;)
  {
    int r = cdb_nextkey(&c, &kpos) ;
    if (r < 0)
    {
      cleanup() ;
      strerr_diefu1sys(111, "cdb_nextkey") ;
    }
    else if (!r) break ;
    else if (!doit(&c))
    {
      cleanup() ;
      strerr_diefu1sys(111, "handle key") ;
    }
  }
  return 0 ;
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.