alpine 3.6
access weakness #386

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

lockdev/src/lockdev-0_git20130107/src/lockdev.c

Context:

The trigger point of this particular Alpine 3.6 access weakness is the umask( 002) call in the code below.

pid_t
dev_lock (const char *devname)
{
	const char * p;
	char device[MAXPATHLEN+1];
	char lock[MAXPATHLEN+1];
	char lock0[MAXPATHLEN+1];
	char lock1[MAXPATHLEN+1];
	char lock2[MAXPATHLEN+1];
	struct stat statbuf;
	pid_t pid, pid2, our_pid;
	FILE *fd = 0;

#if DEBUG
	if ( env_var_debug == -1 ) {
		char *value;
		if ( value=getenv( _env_var ) )
			env_var_debug = liblockdev_debug = atoi( value);
		signal( SIGUSR1, _dl_sig_handler);
		signal( SIGUSR2, _dl_sig_handler);
	}
#endif /* DEBUG */
	_debug( 3, "dev_lock(%s)\n", devname);
	if (oldmask == -1 )
		oldmask = umask( 002);	/* apply o-w to files created */
	if ( ! (p=_dl_check_devname( devname)) )
	 	close_n_return(-EINVAL);
	strcpy( device, DEV_PATH);
	strcat( device, p);	/* now device has a copy of the pathname */
	_debug( 2, "dev_lock() device = %s\n", device);

	/* check the device name for existence and retrieve the major
	 * and minor numbers
	 */
	if ( stat( device, &statbuf) == -1 ) {
		close_n_return(-errno);
	}
	if ( access( device, W_OK ) == -1 ) {
		close_n_return(-errno);
	}

	/* now get our own pid */
	our_pid = dev_getpid();
	_debug( 2, "dev_lock() our own pid = %d\n", (int)our_pid);

	/* We will use this algorithm:
	 * first we build a file using the pid in the name (garanteed to
	 * be unique), then we try to link to the lockname (atomic
	 * operation which doesn't overwrite existing files). If we
	 * succeed then we link it to the other lockname. Only when both 
