alpine 3.6
access weakness #485

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

avahi/src/avahi-0.6.32/avahi-autoipd/main.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 
    pw = NULL;
    gr = NULL;

    /* Get user/group ID */

    if (!no_drop_root) {

        if (!(pw = getpwnam(AVAHI_AUTOIPD_USER))) {
            daemon_log(LOG_ERR, "Failed to find user '"AVAHI_AUTOIPD_USER"'.");
            return -1;
        }

        if (!(gr = getgrnam(AVAHI_AUTOIPD_GROUP))) {
            daemon_log(LOG_ERR, "Failed to find group '"AVAHI_AUTOIPD_GROUP"'.");
            return -1;
        }

        daemon_log(LOG_INFO, "Found user '"AVAHI_AUTOIPD_USER"' (UID %lu) and group '"AVAHI_AUTOIPD_GROUP"' (GID %lu).", (unsigned long) pw->pw_uid, (unsigned long) gr->gr_gid);
    }

    /* Create directory */
    u = umask(0000);
    r = mkdir(AVAHI_IPDATA_DIR, 0755);
    umask(u);

    if (r < 0 && errno != EEXIST) {
        daemon_log(LOG_ERR, "mkdir(\""AVAHI_IPDATA_DIR"\"): %s", strerror(errno));
        return -1;
    }

    /* Convey working directory */

    if (!no_drop_root) {
        struct stat st;

        chown(AVAHI_IPDATA_DIR, pw->pw_uid, gr->gr_gid);

        if (stat(AVAHI_IPDATA_DIR, &st) < 0) {
            daemon_log(LOG_ERR, "stat(): %s\n", strerror(errno));
            return -1;
        }

        if (!S_ISDIR(st.st_mode) || st.st_uid != pw->pw_uid || st.st_gid != gr->gr_gid) {
            daemon_log(LOG_ERR, "Failed to create runtime directory "AVAHI_IPDATA_DIR".");
            return -1;
        }
    }

#ifdef HAVE_CHROOT 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.