alpine 3.6
access weakness #305


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

void insert_nested_acl_subject(struct proc_acl *subject);

const char *gr_get_user_name(uid_t uid);
const char *gr_get_group_name(gid_t gid);

void output_role_info(struct gr_learn_group_node *group, struct gr_learn_user_node *user, FILE *stream);
void output_learn_header(FILE *stream);

int display_leaf(struct gr_learn_file_node *node, const void *unused1, FILE *stream);

void insert_learn_id_transition(unsigned int ***list, int real, int eff, int fs);
void add_to_string_array(char ***array, const char *str);
void parse_learn_config(void);

void check_pam_auth(const unsigned char *rolename);

void add_replace_string(const char *name, char *replacewith);
char *lookup_replace_string(const char *name);
char *process_string_replace(const char *str);

void sort_file_node_list(struct gr_learn_file_node *root);

void add_sock_family(struct proc_acl *subject, const char *family);
const char *get_sock_family_from_val(int val);
void set_role_umask(struct role_acl *role, u_int16_t umask);

char *get_anchor(const char *filename);
int anchorcmp(const char *path1, const char *path2);

char *strip_trailing_slash(char *filename);
int get_canonical_inodev(const char *name, u_int64_t *ino, u_int32_t *dev, int *is_symlink);

void init_res_table(void);
int bikeshedding_detected(void);
char *get_bikeshedded_path(const char *path);

void check_file_node_list_integrity(struct gr_learn_file_node **filelist);
void check_conformity_with_learned_rules(struct gr_learn_file_node *subject);
void check_high_protected_path_enforcement(struct gr_learn_file_node *subject);

