alpine 3.6
access weakness #309

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

lvm2/src/LVM2.2.02.168/daemons/cmirrord/clogd.c

Context:

The highlighted line of code below (the umask(0) call) is the trigger point of this particular Alpine 3.6 access weakness.

 			break;
		case EXIT_KERNEL_SETSOCKOPT:
			LOG_ERROR("Unable to setsockopt on netlink socket");
			break;
		case EXIT_CLUSTER_CKPT_INIT:
			LOG_ERROR("Unable to initialize checkpoint service");
			LOG_ERROR("Has the cluster infrastructure been started?");
			break;
		case EXIT_FAILURE:
			LOG_ERROR("Failed to start: Generic error");
			break;
		default:
			LOG_ERROR("Failed to start: Unknown error");
			break;
		}
		exit(EXIT_FAILURE);
	}

	setsid();
	if (chdir("/")) {
		LOG_ERROR("Failed to chdir /: %s", strerror(errno));
		exit(EXIT_FAILURE);
	}

	umask(0);

	if (close(0) || close(1) || close(2)) {
		LOG_ERROR("Failed to close terminal FDs");
		exit(EXIT_FAILURE);
	}

	if ((dup2(devnull, 0) < 0) || /* reopen stdin */
	    (dup2(devnull, 1) < 0) || /* reopen stdout */
	    (dup2(devnull, 2) < 0))   /* reopen stderr */
		exit(EXIT_FAILURE);

	if ((devnull > STDERR_FILENO) && close(devnull)) {
		LOG_ERROR("Failed to close descriptor %d: %s",
			  devnull, strerror(errno));
		exit(EXIT_FAILURE);
	}

	LOG_OPEN("cmirrord", LOG_PID, LOG_DAEMON);
}

/*
 * init_all
 *
 * Initialize modules.  Exit on failure.
 */ 
