alpine 3.6
access weakness #473

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

libetpan/src/libetpan-1.7.2/src/low-level/mbox/mailmbox.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

   size_t size;
  mode_t old_mask;
  
  if (folder->mb_read_only)
    return MAILMBOX_ERROR_READONLY;

  if (((folder->mb_written_uid >= folder->mb_max_uid) || folder->mb_no_uid) &&
      (!folder->mb_changed)) {
    /* no need to expunge */
    return MAILMBOX_NO_ERROR;
  }

  snprintf(tmp_file, PATH_MAX, "%sXXXXXX", folder->mb_filename);
  old_mask = umask(0077);
  dest_fd = mkstemp(tmp_file);
  umask(old_mask);
  
  if (dest_fd < 0) {
    /* fallback to tmp dir */
    
    snprintf(tmp_file, PATH_MAX, TMPDIR "/etpan-unsafe-XXXXXX");
    
    old_mask = umask(0077);
    dest_fd = mkstemp(tmp_file);
    umask(old_mask);
    
    if (dest_fd < 0) {
      res = MAILMBOX_ERROR_FILE;
      goto err;
    }
  }
  
  r = mailmbox_expunge_to_file_no_lock(tmp_file, dest_fd,
				       folder, &size);
  if (r != MAILMBOX_NO_ERROR) {
    res = r;
    goto unlink;
  }
  
  close(dest_fd);

  r = rename(tmp_file, folder->mb_filename);
  if (r < 0) {
    mailmbox_unmap(folder);
    mailmbox_close(folder);
    
    /* fallback on copy to old file */
    
    r = copy_to_old_file(tmp_file, folder->mb_filename, size);
    if (r != MAILMBOX_NO_ERROR) { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.