alpine 3.6
access weakness #307

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

lvm2/src/LVM2.2.02.168/daemons/clvmd/clvmd.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 	old_mask = umask(0077);

	/* Open local socket */
	if ((local_socket = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
		log_error("Can't create local socket: %m");
		goto error;
	}

	/* Set Close-on-exec & non-blocking */
	if (fcntl(local_socket, F_SETFD, 1))
		DEBUGLOG("setting CLOEXEC on local_socket failed: %s\n", strerror(errno));
	if (fcntl(local_socket, F_SETFL, fcntl(local_socket, F_GETFL, 0) | O_NONBLOCK))
		DEBUGLOG("setting O_NONBLOCK on local_socket failed: %s\n", strerror(errno));


	if (bind(local_socket, (struct sockaddr *) &sockaddr, sizeof(sockaddr))) {
		log_error("can't bind local socket: %m");
		goto error;
	}
	if (listen(local_socket, 1) != 0) {
		log_error("listen local: %m");
		goto error;
	}

	umask(old_mask);
	(void) dm_prepare_selinux_context(NULL, 0);
	return local_socket;
error:
	close_local_sock(local_socket);
	umask(old_mask);
	(void) dm_prepare_selinux_context(NULL, 0);
	return -1;
}

void process_message(struct local_client *client, char *buf, int len,
		     const char *csid)
{
	char nodename[max_cluster_member_name_len];
	struct clvm_header *inheader = (struct clvm_header *) buf;
	ntoh_clvm(inheader);	/* Byteswap fields */

	if (verify_message(buf, len) < 0) {
		clops->name_from_csid(csid, nodename);
		log_error("process_message from %s len %d bad verify.", nodename, len);
		dump_message(buf, len);
		return;
	}

	if (inheader->cmd == CLVMD_CMD_REPLY)
		process_reply(inheader, len, csid); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.