alpine 3.6
access weakness #356

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

bash/src/bash-4.3/examples/loadables/mkdir.c

Context:

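The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. The highlighting is not preserved in this listing; given the warning above, the lines to look at are the umask calls, starting with `oumask = umask (0);`. Clearing the mask means the directories created afterwards receive exactly the mode passed to mkdir, so whether this is a real exposure depends on the mode values the caller supplies.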

      char *path;
     int nmode, parent_mode;
{
  int oumask;
  struct stat sb;
  char *p, *npath;

  if (stat (path, &sb) == 0)
    {
      if (S_ISDIR (sb.st_mode) == 0)
	{
	  builtin_error ("'%s': file exists but is not a directory", path);
	  return 1;
	}
	
      if (chmod (path, nmode))
        {
          builtin_error ("%s: %s", path, strerror (errno));
          return 1;
        }

      return 0;
    }

  oumask = umask (0);
  npath = savestring (path);	/* So we can write to it. */
    
  /* Check whether or not we need to do anything with intermediate dirs. */

  /* Skip leading slashes. */
  p = npath;
  while (*p == '/')
    p++;

  while (p = strchr (p, '/'))
    {
      *p = '\0';
      if (stat (npath, &sb) != 0)
	{
	  if (mkdir (npath, parent_mode))
	    {
	      builtin_error ("cannot create directory '%s': %s", npath, strerror (errno));
	      umask (original_umask);
	      free (npath);
	      return 1;
	    }
	}
      else if (S_ISDIR (sb.st_mode) == 0)
        {
          builtin_error ("'%s': file exists but is not a directory", npath); 
