alpine 3.6
access weakness #266

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given the most restrictive possible setting.

File Name:

s6/src/s6-2.5.1.0/src/conn-tools/s6-accessrules-fs-from-cdb.c

Context:

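The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. The warning concerns the `umask` calls: in `doenv`, `umask(0)` clears the process file-mode creation mask before `domkdir` runs and `umask(m)` restores the saved mask afterwards. While the mask is cleared, the permissions of whatever `domkdir` creates are determined only by the mode it requests, which is not shown in this excerpt and is what a reviewer should check.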

   umask(m) ;
  return ;

 err:
  cleanup() ;
  strerr_diefu2sys(111, "mkdir ", s) ;
}

/*
 * touchtrunc: open `file` through open_trunc() and close the descriptor
 * again straight away; nothing is written to it.
 *
 * On failure (negative descriptor) the error is reported through
 * strerr_diefu2sys() with code 111 and the "open_trunc " prefix.
 *
 * NOTE(review): open_trunc() is defined outside this excerpt; presumably it
 * creates or truncates the file, in which case the resulting permissions
 * depend on the mode it requests and on the umask in effect at call time.
 * Confirm against its definition. Unlike the mkdir paths in this file, this
 * failure path does not call cleanup() first.
 */
static void touchtrunc (char const *file)
{
  int const desc = open_trunc(file) ;
  if (desc >= 0)
  {
    fd_close(desc) ;
    return ;
  }
  /* Expected not to return: strerr_diefu2sys is the file's fatal-error path. */
  strerr_diefu2sys(111, "open_trunc ", file) ;
}

static int doenv (char const *dir, size_t dirlen, char *env, size_t envlen)
{
  mode_t m = umask(0) ;
  size_t i = 0 ;
  if (!domkdir(dir))
  {
    cleanup() ;
    strerr_diefu2sys(111, "mkdir ", dir) ;
  }
  umask(m) ;
  while (i < envlen)
  {
    size_t n = byte_chr(env + i, envlen - i, 0) ;
    if (i + n >= envlen) return 0 ;
    {
      size_t p = byte_chr(env + i, n, '=') ;
      char tmp[dirlen + p + 2] ;
      memcpy(tmp, dir, dirlen) ;
      tmp[dirlen] = '/' ;
      memcpy(tmp + dirlen + 1, env + i, p) ;
      tmp[dirlen + p + 1] = 0 ;
      if (p < n)
      {
         env[i+n] = '\n' ;
         if (!openwritenclose_unsafe(tmp, env + i + p + 1, n - p))
         {
           cleanup() ;
           strerr_diefu2sys(111, "openwritenclose_unsafe ", tmp) ;
         }
      }
      else touchtrunc(tmp) ;
    }
    i += n + 1 ;
  }
  return 1 ; 
