alpine 3.6
access weakness #408

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are never changed by the system administrator.

Warning code(s):

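Ensure that umask is given the most restrictive possible setting (for example, 077, so that newly created files and directories are accessible only to their owner).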

File Name:

abook/src/abook-0.6.1/abook.c

Context:

The highlighted line of code below (the umask(DEFAULT_UMASK) call in init_abook()) is the trigger point of this particular Alpine 3.6 access weakness.

 
	fprintf(stderr, _("Memory allocation failure: %s\n"), strerror(err));
	exit(EXIT_FAILURE);
}

/*
 * init_abook - run the start-up sequence.
 *
 * Order of operations: resolve file names, check the abook directory, load
 * options, set up views, install the SIGTERM handler, build the index,
 * start the UI, set the process umask, then load the database.
 *
 * Exits with EXIT_FAILURE if init_ui() reports failure, or if the data file
 * is not writeable and either loading it fails or the user declines to
 * continue.
 */
static void
init_abook()
{
	set_filenames();
	check_abook_directory();
	init_opts();

	/* A positive result from load_opts() pauses until the user presses enter. */
	if(load_opts(rcfile) > 0) {
		printf(_("Press enter to continue...\n"));
		fgetc(stdin);
	}

	init_default_views();

	signal(SIGTERM, quit_abook_sig);

	init_index();

	if(init_ui() != 0)
		exit(EXIT_FAILURE);

	/*
	 * Security note: this is the line the scanner flags. Every call above
	 * runs under the umask inherited from the parent process, so anything
	 * those calls create is not covered by this mask.
	 * NOTE(review): DEFAULT_UMASK is defined outside this excerpt; confirm
	 * that it removes all group/other permission bits, and that
	 * check_abook_directory() sets an explicit restrictive mode if it
	 * creates the directory.
	 */
	umask(DEFAULT_UMASK);

	if(datafile_writeable()) {
		load_database(datafile);
	} else {
		/* Tell the user the data file is read-only before loading it. */
		char *notice = strdup_printf(_("File %s is not writeable"), datafile);

		refresh_screen();
		statusline_msg(notice);
		free(notice);

		/*
		 * Bail out if the load fails, or if the user does not confirm
		 * (the prompt defaults to FALSE). close_database() is not called
		 * on this path.
		 */
		if(load_database(datafile) || !statusline_ask_boolean(
					_("If you continue all changes will "
				"be lost. Do you want to continue?"), FALSE)) {
			free_opts();
			close_ui();
			exit(EXIT_FAILURE);
		}
	}

	refresh_screen();
}

void
quit_abook(int save_db)
{
	if(save_db)  {
		if(opt_get_bool(BOOL_AUTOSAVE)) 
