alpine 3.6
access weakness #478

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not implement permissions properly, which can have unintended consequences if malicious actors exploit the gap. An example of this weakness is a default username and password that the developer sets and the system administrator never changes.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

cpufreqd/src/cpufreqd-2.4.2/src/daemon_utils.c

Context:

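The trigger point of this particular Alpine 3.6 access weakness is the `umask()` call in the code below. The call sets the mask to 033 immediately before the pid file is created with `fopen(pidfile, "w")`. That mask clears the write and execute bits for group and others but leaves their read bits, so the file ends up with mode 0644 and is readable by every local user. For a pid file this is often intentional, so the finding should be judged against the deployment; a mask of 077 would restrict the file to its owner. Separately from the umask warning, the excerpt reads into the 256-byte `old_cmdline` buffer with an unbounded `%s` conversion, which a reviewer would want limited with a field width such as `%255s`.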

 		/* see if there is a pid already */
		if (fscanf(pid, "%s", oldpid) == 1) {
			FILE *fd;
			char old_pidfile[256];
			char old_cmdline[256];

			snprintf(old_pidfile, 256, "/proc/%s/cmdline", oldpid);
			fd = fopen(old_pidfile, "r");
			/* if the file exists see if there's another cpufreqd process running */
			if (fd) {
				if (fscanf(fd, "%s", old_cmdline) == 1
						&& strstr(old_cmdline,"cpufreqd") != NULL) {
					clog(LOG_ERR, "the daemon is already running.\n");
					fclose(fd);
					fclose(pid);
					return -1;
				}
				fclose(fd);
			}
		}
		fclose(pid);
	}

	/* set permission mask 033 */
	umask( S_IXGRP | S_IXOTH | S_IWOTH | S_IWGRP );

	/* write pidfile */
	pid = fopen(pidfile, "w");
	if (!pid) {
		clog(LOG_ERR, "%s: %s.\n", pidfile, strerror(errno));
		return -1;
	}

	if (!fprintf(pid, "%d", getpid())) {
		clog(LOG_ERR, "cannot write pid %d.\n", getpid());
		fclose(pid);
		clear_cpufreqd_pid(pidfile);
		return -1;
	}

	fclose(pid);
	return 0;
}

/* int clear_cpufreqd_pid(const char *)
 *
 * Removes pid file
 *
 * Returns 0 on success, -1 otherwise.
 */ 
