alpine 3.6
access weakness #343

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

libetpan/src/libetpan-1.7.2/src/low-level/mbox/mailmbox.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

   close(source_fd);
 err:
  return res;
}

int mailmbox_expunge_no_lock(struct mailmbox_folder * folder)
{
  char tmp_file[PATH_MAX];
  int r;
  int res;
  int dest_fd;
  size_t size;
  mode_t old_mask;
  
  if (folder->mb_read_only)
    return MAILMBOX_ERROR_READONLY;

  if (((folder->mb_written_uid >= folder->mb_max_uid) || folder->mb_no_uid) &&
      (!folder->mb_changed)) {
    /* no need to expunge */
    return MAILMBOX_NO_ERROR;
  }

  snprintf(tmp_file, PATH_MAX, "%sXXXXXX", folder->mb_filename);
  old_mask = umask(0077);
  dest_fd = mkstemp(tmp_file);
  umask(old_mask);
  
  if (dest_fd < 0) {
    /* fallback to tmp dir */
    
    snprintf(tmp_file, PATH_MAX, TMPDIR "/etpan-unsafe-XXXXXX");
    
    old_mask = umask(0077);
    dest_fd = mkstemp(tmp_file);
    umask(old_mask);
    
    if (dest_fd < 0) {
      res = MAILMBOX_ERROR_FILE;
      goto err;
    }
  }
  
  r = mailmbox_expunge_to_file_no_lock(tmp_file, dest_fd,
				       folder, &size);
  if (r != MAILMBOX_NO_ERROR) {
    res = r;
    goto unlink;
  }
   

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.