alpine 3.6
access weakness #362


Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

neovim/src/neovim-0.2.0/src/nvim/fileio.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness: it sets the process umask to 0077 (clearing the group and other permission bits) while the temporary directory is created, and the previously saved umask is restored at the end of the loop.

   mode_t umask_save = umask(0077);
  for (size_t i = 0; i < ARRAY_SIZE(temp_dirs); i++) {
    // Expand environment variables, leave room for "/nvimXXXXXX/999999999"
    expand_env((char_u *)temp_dirs[i], template, TEMP_FILE_PATH_MAXLEN - 22);
    if (!os_isdir(template)) {  // directory doesn't exist
      continue;
    }

    add_pathsep((char *)template);
    // Concatenate with temporary directory name pattern
    STRCAT(template, "nvimXXXXXX");

    if (os_mkdtemp((const char *)template, (char *)path) != 0) {
      continue;
    }

    if (vim_settempdir((char *)path)) {
      // Successfully created and set temporary directory so stop trying.
      break;
    } else {
      // Couldn't set 'vim_tempdir' to 'path' so remove created directory.
      os_rmdir((char *)path);
    }
  }
  (void)umask(umask_save);
}

/// Delete "name" and everything in it, recursively.
/// @param name The path which should be deleted.
/// @return 0 for success, -1 if some file was not deleted.
int delete_recursive(const char *name)
{
  int result = 0;

  if (os_isrealdir(name)) {
    snprintf((char *)NameBuff, MAXPATHL, "%s/*", name);  // NOLINT

    char_u **files;
    int file_count;
    char_u *exp = vim_strsave(NameBuff);
    if (gen_expand_wildcards(1, &exp, &file_count, &files,
                             EW_DIR | EW_FILE | EW_SILENT | EW_ALLLINKS
                             | EW_DODOT | EW_EMPTYOK) == OK) {
      for (int i = 0; i < file_count; i++) {
        if (delete_recursive((const char *)files[i]) != 0) {
          result = -1;
        }
      }
      FreeWild(file_count, files);
    } else { 
