alpine 3.6
access weakness #267

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

s6/src/s6-2.5.1.0/src/conn-tools/s6-accessrules-fs-from-cdb.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 #include <skalibs/types.h>
#include <skalibs/cdb.h>
#include <skalibs/strerr2.h>
#include <skalibs/djbunix.h>

#define USAGE "s6-accessrules-fs-from-cdb dir cdbfile"

static char const *basedir ;
size_t basedirlen ;

static void cleanup ()
{
  int e = errno ;
  rm_rf(basedir) ;
  errno = e ;
}

static int domkdir (char const *s)
{
  return mkdir(s, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH | S_ISGID) < 0 ? (errno == EEXIST) : 1 ;
}

static void mkdirp (char *s)
{
  mode_t m = umask(0) ;
  size_t len = strlen(s) ;
  size_t i = basedirlen + 1 ;
  for (; i < len ; i++) if (s[i] == '/')
  {
    s[i] = 0 ;
    if (!domkdir(s)) goto err ;
    s[i] = '/' ;
  }
  if (!domkdir(s)) goto err ;
  umask(m) ;
  return ;

 err:
  cleanup() ;
  strerr_diefu2sys(111, "mkdir ", s) ;
}

static void touchtrunc (char const *file)
{
  int fd = open_trunc(file) ;
  if (fd < 0) strerr_diefu2sys(111, "open_trunc ", file) ;
  fd_close(fd) ;
}

static int doenv (char const *dir, size_t dirlen, char *env, size_t envlen) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.