alpine 3.6
access weakness #400


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 * @file oprof_start_config.h
 * GUI startup config management
 * @remark Copyright 2002 OProfile authors
 * @remark Read the file COPYING
 * @author John Levon
 * @author Philippe Elie


#include <sys/types.h>
#include <string>
#include <iosfwd>

/// Store the setup of one event
struct event_setting {


	uint count;
	uint umask;
	bool os_ring_count;
	bool user_ring_count;

 * Store the general  configuration of the profiler.
 * There is no save(), instead opcontrol --setup must be
 * called. This uses opcontrol's daemonrc file.
struct config_setting {

	void load(std::istream & in);

	uint buffer_size;
	uint note_table_size;
	std::string kernel_filename;
	bool no_kernel;
	bool verbose;
	bool separate_lib;
	bool separate_kernel;
	bool separate_cpu;
	bool separate_thread;
	uint callgraph_depth;
	uint buffer_watershed; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.