alpine 3.6
access weakness #470


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

    bool                         isUTPEnabled;
    bool                         isLPDEnabled;
    bool                         isBlocklistEnabled;
    bool                         isPrefetchEnabled;
    bool                         isTorrentDoneScriptEnabled;
    bool                         isClosing;
    bool                         isClosed;
    bool                         isIncompleteFileNamingEnabled;
    bool                         isRatioLimited;
    bool                         isIdleLimited;
    bool                         isIncompleteDirEnabled;
    bool                         pauseAddedTorrent;
    bool                         deleteSourceTorrent;
    bool                         scrapePausedTorrents;

    uint8_t                      peer_id_ttl_hours;

    tr_variant                   removedTorrents;

    bool                         stalledEnabled;
    bool                         queueEnabled[2];
    int                          queueSize[2];
    int                          queueStalledMinutes;

    int                          umask;

    unsigned int                 speedLimit_Bps[2];
    bool                         speedLimitEnabled[2];

    struct tr_turtle_info        turtle;

    struct tr_fdInfo           * fdInfo;

    int                          magicNumber;

    tr_encryption_mode           encryptionMode;

    tr_preallocation_mode        preallocationMode;

    struct event_base          * event_base;
    struct evdns_base          * evdns_base;
    struct tr_event_handle     * events;

    uint16_t                     peerLimit;
    uint16_t                     peerLimitPerTorrent;

    int                          uploadSlotsPerTorrent;

    /* The UDP sockets used for the DHT and uTP. */
    tr_port                      udp_port; 
