alpine 3.6
access weakness #347

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

Ensure that umask is given the most restrictive possible setting.

File Name:

pptpd/src/pptpd-1.4.0/pptpd.c

Context:

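The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. The highlighting is not visible in this text; the only umask call in the excerpt is `umask(0);` in the vfork branch of `my_daemon`. A mask of 0 removes no permission bits, so any file the process creates afterwards gets exactly the mode requested by the creating call (0666 for a file created through `fopen`). The mask is also inherited across `execve`, so it carries over to the re-executed daemon. Setting a restrictive mask such as 027 or 077, or passing an explicit mode at each file creation, addresses the warning.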

                 return;
        }
        fprintf(f, "%d\n", pid);
        fclose(f);
}

#ifndef HAVE_DAEMON
static void my_daemon(int argc, char **argv)
{
#ifndef HAVE_FORK
        /* need to use vfork - eg, uClinux */
        char **new_argv;
        int pid;
        extern char **environ;
        int fdr;

        new_argv = malloc((argc + 2) * sizeof(char **));
        fdr = open("/dev/null", O_RDONLY);
        syslog(LOG_INFO, "MGR: Option parse OK, re-execing as daemon");
        fflush(stderr);
        if ((pid = vfork()) == 0) {
                if (fdr != 0) { dup2(fdr, 0); close(fdr); }
                SETSIDPGRP();
                chdir("/");
                umask(0);
                memcpy(new_argv + 1, argv, (argc + 1) * sizeof(char **));
                new_argv[0] = PPTPD_BIN;
                new_argv[1] = "-f";
                execve(PPTPD_BIN, new_argv, environ);
                _exit(1);
        } else if (pid > 0) {
                exit(0);
        } else {
                syslog_perror("vfork");
                exit(1);
        }
#else
        int pid;

        closelog();
        if ((pid = fork()) < 0) {
                syslog_perror("fork");
                exit(1);
        } else if (pid)
                exit(0);
        if (freopen("/dev/null", "r", stdin) == NULL) {
                syslog_perror("freopen");
        }
        SETSIDPGRP();
        chdir("/"); 
