alpine 3.6
access weakness #399

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

oprofile/src/oprofile-0.9.9/gui/oprof_start_config.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

  *
 * @remark Copyright 2002 OProfile authors
 * @remark Read the file COPYING
 *
 * @author John Levon
 * @author Philippe Elie
 */

#include <stdio.h>

#include <sstream>
#include <fstream>
#include <iomanip>
#include <sys/utsname.h>

#include "string_manip.h"
#include "oprof_start_config.h"
#include "op_config.h"

using namespace std;

event_setting::event_setting()
	:
	count(0),
	umask(0),
	os_ring_count(0),
	user_ring_count(0)
{
}


config_setting::config_setting()
	:
	buffer_size(OP_DEFAULT_BUF_SIZE),
	note_table_size(0),
	no_kernel(false),
	verbose(false),
	separate_lib(false),
	separate_kernel(false),
	separate_cpu(false),
	separate_thread(false),
	callgraph_depth(0),
	buffer_watershed(0),
	cpu_buffer_size(0)
{
	struct utsname info;

	/* Guess path to vmlinux based on kernel currently running. */
	if (uname(&info)) {
		perror("oprof_start: Unable to determine OS release."); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.