alpine 3.6
access weakness #441


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that the developer sets but the system administrator never changes.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

  struct mkdir_options const *o = options;
  if (o->created_directory_format)
    prog_fprintf (stdout, o->created_directory_format, quoteaf (dir));

/* Make ancestor directory DIR, whose last component is COMPONENT,
   with options OPTIONS.  Assume the working directory is COMPONENT's
   parent.  Return 0 if successful and the resulting directory is
   readable, 1 if successful but the resulting directory is not
   readable, -1 (setting errno) otherwise.  */
static int
make_ancestor (char const *dir, char const *component, void *options)
{
  struct mkdir_options const *o = options;

  if (o->set_security_context && defaultcon (component, S_IFDIR) < 0
      && ! ignorable_ctx_err (errno))
    error (0, errno, _("failed to set default creation context for %s"),
           quoteaf (dir));

  mode_t user_wx = S_IWUSR | S_IXUSR;
  bool self_denying_umask = (o->umask_value & user_wx) != 0;
  if (self_denying_umask)
    umask (o->umask_value & ~user_wx);
  int r = mkdir (component, S_IRWXUGO);
  if (self_denying_umask)
    {
      int mkdir_errno = errno;
      umask (o->umask_value);
      errno = mkdir_errno;
    }
  if (r == 0)
    {
      r = (o->umask_value & S_IRUSR) != 0;
      announce_mkdir (dir, options);
    }
  return r;
}

/* Process a command-line file name.  */
static int
process_dir (char *dir, struct savewd *wd, void *options)
{
  struct mkdir_options const *o = options;

  /* If possible set context before DIR created.  */
  if (o->set_security_context)
    {
      if (! o->make_ancestor_function && defaultcon (dir, S_IFDIR) < 0
