alpine 3.6
access weakness #427

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mksh/src/mksh/funcs.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 				*p++ = ',';
			}
			p[-1] = '\0';
			shprintf(Tf_sN, buf);
		} else
			shprintf("%#3.3o\n", (unsigned int)old_umask);
	} else {
		mode_t new_umask;

		if (ksh_isdigit(*cp)) {
			new_umask = 0;
			while (*cp >= ord('0') && *cp <= ord('7')) {
				new_umask = new_umask * 8 + ksh_numdig(*cp);
				++cp;
			}
			if (*cp) {
				bi_errorf(Tbadnum);
				return (1);
			}
		} else {
			/* symbolic format */
			int positions, new_val;
			char op;

			old_umask = umask((mode_t)0);
			/* in case of error */
			umask(old_umask);
			old_umask = ~old_umask;
			new_umask = old_umask;
			positions = 0;
			while (*cp) {
				while (*cp && vstrchr(Taugo, *cp))
					switch (*cp++) {
					case 'a':
						positions |= 0111;
						break;
					case 'u':
						positions |= 0100;
						break;
					case 'g':
						positions |= 0010;
						break;
					case 'o':
						positions |= 0001;
						break;
					}
				if (!positions)
					/* default is a */
					positions = 0111;
				if (!vstrchr("=+-", op = *cp)) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.