alpine 3.6
access weakness #258


Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given the most restrictive possible setting.

File Name:

s6/src/s6-2.5.1.0/src/conn-tools/s6-ipcserver-socketbinder.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. Here the warning refers to the `umask(0)` call that clears the process umask immediately before the socket is bound, so the socket file is created with no umask restriction; the saved mask is restored only after the bind returns.

   int flagdgram = 0 ;
  PROG = "s6-ipcserver-socketbinder" ;
  {
    subgetopt_t l = SUBGETOPT_ZERO ;
    for (;;)
    {
      int opt = subgetopt_r(argc, argv, "DdMmb:", &l) ;
      if (opt == -1) break ;
      switch (opt)
      {
        case 'D' : flagreuse = 0 ; break ;
        case 'd' : flagreuse = 1 ; break ;
        case 'M' : flagdgram = 0 ; break ;
        case 'm' : flagdgram = 1 ; break ;
        case 'b' : if (!uint0_scan(l.arg, &backlog)) dieusage() ; break ;
        default : dieusage() ;
      }
    }
    argc -= l.ind ; argv += l.ind ;
  }
  if (argc < 2) dieusage() ;
  close(0) ;
  if (flagdgram ? ipc_datagram() : ipc_stream()) strerr_diefu1sys(111, "create socket") ;
  {
    mode_t m = umask(0) ;
    if ((flagreuse ? ipc_bind_reuse(0, argv[0]) : ipc_bind(0, argv[0])) < 0)
      strerr_diefu2sys(111, "bind to ", argv[0]) ;
    umask(m) ;
  }
  if (backlog && ipc_listen(0, backlog) < 0)
    strerr_diefu2sys(111, "listen to ", argv[0]) ;

  pathexec_run(argv[1], argv + 1, envp) ;
  strerr_dieexec(111, argv[1]) ;
} 
