alpine 3.6
access weakness #299

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mmh/src/mmh-0.3/uip/slocal.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 			addr = cp;
			break;
		case 2:
			info = cp;
			break;
		case 3:
			sender = cp;
			break;
		}
	}

	if (!addr) {
		addr = getusername();
	}
	if (!user) {
		user = (cp = strchr(addr, '.')) ? ++cp : addr;
	}
	if (!(pw = getpwnam(user))) {
		adios(EX_NOUSER, NULL, "no such local user as %s", user);
	}

	if (chdir(pw->pw_dir) == -1) {
		chdir("/");
	}
	umask(0077);

	if (geteuid() == 0) {
		setgid(pw->pw_gid);
		initgroups(pw->pw_name, pw->pw_gid);
		setuid(pw->pw_uid);
	}

	if (!info) {
		info = "";
	}

	setbuf(stdin, NULL);

	/* Record the delivery time */
	if (!(now = dlocaltimenow())) {
		adios(EX_OSERR, NULL, "unable to ascertain local time");
	}
	snprintf(ddate, sizeof(ddate), "Delivery-Date: %s\n", dtimenow());

	/*
	** Copy the message to a temporary file
	*/
	if (file) {
		int tempfd;
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.