alpine 3.6
access weakness #289


Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mmh/src/mmh-0.3/sbr/makedir.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

#include <sys/file.h>
#include <sys/stat.h>

int
makedir(char *dir)
{
	char path[PATH_MAX];
	char *cp;
	int had_an_error = 0;
	mode_t folder_perms, saved_umask;
	char* c;

	context_save();  /* save the context file */
	fflush(stdout);

	if (!(cp = context_find("folder-protect")) || !*cp) {
		cp = foldprot;
	}
	folder_perms = strtoul(cp, NULL, 8);

	/*
	** Folders have definite desired permissions that are set -- we
	** don't want to interact with the umask.  Clear it temporarily.
	*/
	saved_umask = umask(0);

	c = strncpy(path, dir, sizeof(path));

	while (!had_an_error && (c = strchr((c + 1), '/')) != NULL) {
		*c = '\0';
		/* Create an outer directory. */
		if (mkdir(path, folder_perms) == -1 &&
				errno != EEXIST) {
			advise(dir, "unable to create directory");
			had_an_error = 1;
		}
		*c = '/';
	}

	/*
	** Create the innermost nested subdirectory of the
	** path we're being asked to create.
	*/
	if (!had_an_error && mkdir(dir, folder_perms)==-1) {
		advise(dir, "unable to create directory");
		had_an_error = 1;
	}
	umask(saved_umask);  /* put the user's umask back */

	return (had_an_error) ? 0 : 1;
}
