alpine 3.6
access weakness #361


Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password set by the developer that the system administrator never changes.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

bash/src/bash-4.3/examples/loadables/mkdir.c

Context:

The highlighted line of code below — the `umask` call — is the trigger point of this particular Alpine 3.6 access weakness. Note that the code calls `umask (0)` only to read the current mask and immediately restores it with the second `umask` call, and the directory mode is then ANDed with the complement of that mask, so the mask is not left at 0.

     omode = S_IRWXU | S_IRWXG | S_IRWXO;	/* a=rwx */
  else if (ISOCTAL (*mode))	/* octal number */
    {
      omode = read_octal (mode);
      if (omode < 0)
	{
	  builtin_error ("invalid file mode: %s", mode);
	  return (EXECUTION_FAILURE);
	}
      octal = 1;
    }
  else if (mode)
    {
      /* initial bits are a=rwx; the mode argument modifies them */
      omode = parse_symbolic_mode (mode, S_IRWXU | S_IRWXG | S_IRWXO);
      if (omode < 0)
	{
	  builtin_error ("invalid file mode: %s", mode);
	  return (EXECUTION_FAILURE);
	}
      octal = 0;
    }

  /* Make the new mode */
  original_umask = umask (0);
  umask (original_umask);

  nmode = (S_IRWXU | S_IRWXG | S_IRWXO) & ~original_umask;
  parent_mode = nmode | (S_IWUSR|S_IXUSR);	/* u+wx */

  /* Adjust new mode based on mode argument */
  nmode &= omode;

  for (rval = EXECUTION_SUCCESS, l = list; l; l = l->next)
    {
      if (pflag && make_path (l->word->word, nmode, parent_mode))
	{
	  rval = EXECUTION_FAILURE;
	  continue;
	}
      else if (pflag == 0 && mkdir (l->word->word, nmode) < 0)
        {
          builtin_error ("cannot create directory '%s': %s", l->word->word, strerror (errno));
          rval = EXECUTION_FAILURE;
        }
    }
  return rval;
}

/* Make all the directories leading up to PATH, then create PATH.  Note that 
