alpine 3.6
access weakness #487

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

avahi/src/avahi-0.6.32/avahi-daemon/main.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

     u = umask(0000);
    reset_umask = 1;

    if (mkdir(AVAHI_DAEMON_RUNTIME_DIR, 0755) < 0 && errno != EEXIST) {
        avahi_log_error("mkdir(\""AVAHI_DAEMON_RUNTIME_DIR"\"): %s", strerror(errno));
        goto fail;
    }

    chown(AVAHI_DAEMON_RUNTIME_DIR, pw->pw_uid, gr->gr_gid);

    if (stat(AVAHI_DAEMON_RUNTIME_DIR, &st) < 0) {
        avahi_log_error("stat(): %s\n", strerror(errno));
        goto fail;
    }

    if (!S_ISDIR(st.st_mode) || st.st_uid != pw->pw_uid || st.st_gid != gr->gr_gid) {
        avahi_log_error("Failed to create runtime directory "AVAHI_DAEMON_RUNTIME_DIR".");
        goto fail;
    }

    r = 0;

fail:
    if (reset_umask)
        umask(u);
    return r;
}

static void set_one_rlimit(int resource, rlim_t limit, const char *name) {
    struct rlimit rl;
    rl.rlim_cur = rl.rlim_max = limit;

    if (setrlimit(resource, &rl) < 0)
        avahi_log_warn("setrlimit(%s, {%u, %u}) failed: %s", name, (unsigned) limit, (unsigned) limit, strerror(errno));
}

static void enforce_rlimits(void) {
#ifdef RLIMIT_AS
    if (config.rlimit_as_set)
        set_one_rlimit(RLIMIT_AS, config.rlimit_as, "RLIMIT_AS");
#endif
    if (config.rlimit_core_set)
        set_one_rlimit(RLIMIT_CORE, config.rlimit_core, "RLIMIT_CORE");
    if (config.rlimit_data_set)
        set_one_rlimit(RLIMIT_DATA, config.rlimit_data, "RLIMIT_DATA");
    if (config.rlimit_fsize_set)
        set_one_rlimit(RLIMIT_FSIZE, config.rlimit_fsize, "RLIMIT_FSIZE");
    if (config.rlimit_nofile_set)
        set_one_rlimit(RLIMIT_NOFILE, config.rlimit_nofile, "RLIMIT_NOFILE");
    if (config.rlimit_stack_set) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.