alpine 3.6
access weakness #454

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

jailkit/src/jailkit-2.19/src/jk_lsh.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 		DEBUG_MSG(PROGRAMNAME" configfile missing\n");
		exit(1);
	}
	/* check if this user has a section. asprintf() is a GNU extension which is
	not available on Solaris */
	groupsec = strcat(strcpy(malloc0(strlen(gr->gr_name)+7), "group "), gr->gr_name);
	if (iniparser_has_section(parser, pw->pw_name)) {
		section = pw->pw_name;
	} else if (iniparser_has_section(parser, groupsec)) {
		section = groupsec;
	} else if (iniparser_has_section(parser, "DEFAULT")) {
		section = "DEFAULT";
	} else {
		syslog(LOG_ERR, "did neither find a section '%s', nor 'group %s' nor 'DEFAULT' in configfile "CONFIGFILE, pw->pw_name, gr->gr_name);
		exit(3);
	}
	section_pos = iniparser_get_position(parser) - strlen(section) - 2;
	section_pos = section_pos >= 0 ? section_pos : 0;
	DEBUG_MSG("using section %s\n",section);

	DEBUG_MSG("setting umask\n");
	umaskval = iniparser_get_octalint_at_position(parser, section, "umask", section_pos);
	if (umaskval != -1) {
		mode_t oldumask;
		oldumask = umask(umaskval);
		/*syslog(LOG_DEBUG, "changing umask from 0%o to 0%o", oldumask, umaskval);*/
	}
	if (iniparser_get_string_at_position(parser, section, "environment", section_pos, buffer, 1024) > 0) {
		char **envs, **tmp;
		envs = explode_string(buffer, ',');
		tmp = envs;
		while (*tmp) {
			char **keyval = explode_string(*tmp, '=');
			if (keyval[0] && keyval[1] && keyval[2]==NULL) {
				setenv(keyval[0],keyval[1],1);
			}
			free_array(keyval);
			tmp++;
		}
		free_array(envs);
	}

	DEBUG_MSG("exploding string '%s'\n",argv[argc-1]);
	if (iniparser_get_int_at_position(parser, section, "allow_word_expansion", section_pos)) {
		newargv = expand_newargv(argv[argc-1]);
	} else {
		newargv = explode_string(argv[argc-1], ' ');
	}
	if (iniparser_get_string_at_position(parser, section, "paths", section_pos, buffer, 1024) > 0) {
		DEBUG_LOG("paths, buffer=%s\n",buffer); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.