alpine 3.6
access weakness #475

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

pptpd/src/pptpd-1.4.0/bcrelay.c

Context:

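The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. The highlighting did not survive in this listing; the warning above points to the `umask(0);` call in the `vfork()` child branch, just before `execve()`, which is the only umask call in the excerpt. A mask of 0 removes no permission bits, and the file-creation mask is preserved across `execve()`, so every file or directory the re-executed daemon creates gets exactly the mode requested at the call site (for example 0666 from `fopen()`), which can leave it group- or world-writable. The usual remedy is a restrictive mask such as 027 or 077, or an explicit mode on each file the daemon creates; this class of issue is catalogued as CWE-732 (Incorrect Permission Assignment for Critical Resource). The `#else` branch in the excerpt never calls umask, so that path keeps whatever mask the process inherited from its parent.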

 
        /* Strip -d option */
        new_argv = malloc((argc) * sizeof(char **));
        fdr = open("/dev/null", O_RDONLY);
        new_argv[0] = BCRELAY_BIN;
        for (i = 1; argv[i] != NULL; i++) {
                if (fdr != 0) { dup2(fdr, 0); close(fdr); }
                if ( (strcmp(argv[i],"-d")) == 0 ) {
                        minusd=1;
                }
                if (minusd) {
                        new_argv[i] = argv[i+1];
                } else {
                        new_argv[i] = argv[i];
                }
        }
        syslog(LOG_DEBUG, "Option parse OK, re-execing as daemon");
        fflush(stderr);
        if ((pid = vfork()) == 0) {
                if (setsid() < 0) {                      /* shouldn't fail */
                        syslog(LOG_ERR, "Setsid failed!");
                        _exit(1);
                }
                chdir("/");
                umask(0);
                /* execve only returns on an error */
                execve(BCRELAY_BIN, new_argv, environ);
                exit(1);
        } else if (pid > 0) {
                syslog(LOG_DEBUG, "Success re-execing as daemon!");
                exit(0);
        } else {
                syslog(LOG_ERR, "Error vforking");
                exit(1);
        }
#else
    pid=fork();
    if (pid<0) { syslog(LOG_ERR, "Error forking"); _exit(1); }
    if (pid>0) { syslog(LOG_DEBUG, "Parent exits"); _exit(0); }
    if (pid==0) { syslog(LOG_DEBUG, "Running as child"); }
    /* child (daemon) continues */
    if (setsid() < 0) {                      /* shouldn't fail */
      syslog(LOG_ERR, "Setsid failed!");
      _exit(1);
    }
    chdir("/");
#endif
}
#endif
 
