alpine 3.6
access weakness #410

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

gphoto2/src/gphoto2-2.5.10/gphoto2/main.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 				int in_fd, out_fd;

				in_fd = open(curname, O_RDONLY);
				if (in_fd < 0)
					perror("Can't open file for reading");

				out_fd = open(s, O_CREAT | O_WRONLY, 0644);
				if (out_fd < 0)
					perror("Can't open file for writing");

				while (1) {
					ssize_t result = read(in_fd, buf, sizeof(buf));
					if (!result) break;
					if (-1 == write(out_fd, buf, result)) {
						perror("write");
						break;
					}
				}
				close(out_fd);
				close(in_fd);
				unlink(curname);
			} else
				perror("rename");
		}
		x = umask(0022); /* get umask */
		umask(x);/* set it back to the old value */
		chmod(s,0666 & ~x);
	}
	res = gp_file_get_mtime (file, &mtime);
        if ((res == GP_OK) && (mtime)) {
                u.actime = mtime;
                u.modtime = mtime;
                utime (s, &u);
        }
	gp_params_run_hook(&gp_params, "download", s);
	return (GP_OK);
}

int
camera_file_exists (Camera *camera, GPContext *context, const char *folder,
		    const char *filename, CameraFileType type)
{
	CameraFileInfo info;
	CR (gp_camera_file_get_info (camera, folder, filename, &info,
				     context));
	switch (type) {
	case GP_FILE_TYPE_METADATA:
		return TRUE;
	case GP_FILE_TYPE_AUDIO:
		return (info.audio.fields != 0); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.