alpine 3.6
access weakness #387

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

lockdev/src/lockdev-0_git20130107/src/lockdev.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 /* exported by the interface file lockdev.h */
pid_t
dev_relock (const char  *devname,
	    const pid_t  old_pid)
{
	const char * p;
	char device[MAXPATHLEN+1];
	char lock1[MAXPATHLEN+1];
	char lock2[MAXPATHLEN+1];
	struct stat statbuf;
	pid_t pid, our_pid;
	FILE *fd = 0;

#if DEBUG
	if ( env_var_debug == -1 ) {
		char *value;
		if ( value=getenv( _env_var ) )
			env_var_debug = liblockdev_debug = atoi( value);
		signal( SIGUSR1, _dl_sig_handler);
		signal( SIGUSR2, _dl_sig_handler);
	}
#endif /* DEBUG */
	_debug( 3, "dev_relock(%s, %d)\n", devname, (int)old_pid);
	if (oldmask == -1 )
		oldmask = umask( 002);	/* apply o-w to files created */
	if ( ! (p=_dl_check_devname( devname)) )
	 	close_n_return(-EPERM);
	strcpy( device, DEV_PATH);
	strcat( device, p);	/* now device has a copy of the pathname */
	_debug( 2, "dev_relock() device = %s\n", device);

	/* check the device name for existence and retrieve the major
	 * and minor numbers
	 */
	if ( stat( device, &statbuf) == -1 ) {
		close_n_return(-errno);
	}
	if ( access( device, W_OK ) == -1 ) {
		close_n_return(-errno);
	}

	/* now get our own pid */
	our_pid = dev_getpid();
	_debug( 2, "dev_relock() our own pid = %d\n", (int)our_pid);

	/* first check for the FSSTND-1.2 lock, get the pid of the
	 * owner of the lock and test for its existence; in case,
	 * return the pid of the owner of the lock.
	 */
	/* lockfile of type /var/lock/LCK..ttyS2 */ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.