alpine 3.6
access weakness #340


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

/*
 * Copyright (C) 2002-2015 Bradley Spengler, Open Source Security, Inc.
 * This file is part of gradm.
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */

#include "gradm.h"

extern FILE *gradmin;
extern int gradmparse(void);

void set_role_umask(struct role_acl *role, u_int16_t umask)
{
	role->umask = umask;
}

char *strip_trailing_slash(char *filename)
{
	unsigned int file_len = strlen(filename);
	if (file_len > 1 && filename[file_len - 1] == '/')
		filename[file_len - 1] = '\0';

	if (file_len >= PATH_MAX) {
		fprintf(stderr, "Filename too long on line %lu of file %s.\n",
			lineno, current_acl_file);
	}

	return filename;
}

static int get_id_from_role_name(const char *rolename, u_int16_t type, int *retid)
{
	unsigned long the_id = 0;
	struct passwd *pwd;
	struct group *grp;
	char *endptr;
	/* ... the rest of this function is not shown in the excerpt ... */
}
