alpine 3.6
access weakness #480

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

kyua/src/kyua-0.13/utils/process/isolation.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 
}  // anonymous namespace


/// Cleans up the container process to run a new child.
///
/// If there is any error during the setup, the new process is terminated
/// with an error code.
///
/// \param unprivileged_user Unprivileged user to run the test case as.
/// \param work_directory Path to the test case-specific work directory.
void
process::isolate_child(const optional< passwd::user >& unprivileged_user,
                       const fs::path& work_directory)
{
    isolate_path(unprivileged_user, work_directory);
    if (::chdir(work_directory.c_str()) == -1)
        fail(F("chdir(%s) failed") % work_directory, errno);

    utils::unlimit_core_size();
    if (!signals::reset_all()) {
        LW("Failed to reset one or more signals to their default behavior");
    }
    prepare_environment(work_directory);
    (void)::umask(0022);

    if (unprivileged_user && passwd::current_user().is_root()) {
        const passwd::user& user = unprivileged_user.get();

        if (user.gid != ::getgid()) {
            if (::setgid(user.gid) == -1)
                fail(F("setgid(%s) failed; UID is %s and GID is %s")
                     % user.gid % ::getuid() % ::getgid(), errno);
            if (::getuid() == 0) {
                ::gid_t groups[1];
                groups[0] = user.gid;
                if (::setgroups(1, groups) == -1)
                    fail(F("setgroups(1, [%s]) failed; UID is %s and GID is %s")
                         % user.gid % ::getuid() % ::getgid(), errno);
            }
        }
        if (user.uid != ::getuid()) {
            if (::setuid(user.uid) == -1)
                fail(F("setuid(%s) failed; UID is %s and GID is %s")
                     % user.uid % ::getuid() % ::getgid(), errno);
        }
    }
}

 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.