alpine 3.6
access weakness #494

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

dansguardian/src/dansguardian-2.12.0.3/src/ContentScanner.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 // start the plugin - i.e. read in the configuration
int CSPlugin::init(void* args)
{
	if (cv["scanpost"] == "on")
		scanpost = true;
	else
		scanpost = false;

	if (!readStandardLists()) {	//always
		return DGCS_ERROR;  //include
	}			// these
	return DGCS_OK;
}

// make a temporary file for storing data which is to be scanned
// returns FD in int and saves filename to String pointer
// filename is not used as input
int CSPlugin::makeTempFile(String * filename)
{
	int tempfilefd;
	String tempfilepath(o.download_dir.c_str());
	tempfilepath += "/tfXXXXXX";
	char *tempfilepatharray = new char[tempfilepath.length() + 1];
	strcpy(tempfilepatharray, tempfilepath.toCharArray());
	umask(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
	if ((tempfilefd = mkstemp(tempfilepatharray)) < 1) {
#ifdef DGDEBUG
		std::cerr << "error creating cs temp " << tempfilepath << ": " << strerror(errno) << std::endl;
#endif
		syslog(LOG_ERR, "%s", "Could not create cs temp file.");
		tempfilefd = -1;
	} else {
		(*filename) = tempfilepatharray;
	}
	delete[]tempfilepatharray;
	return tempfilefd;
}

// write a temporary file containing the memory buffer which is to be scanned
// if your CS plugin does not have the ability to scan memory directly (e.g. clamdscan), this gets used by the default scanMemory to turn it into a file
int CSPlugin::writeMemoryTempFile(const char *object, unsigned int objectsize, String * filename)
{
	int tempfd = makeTempFile(filename);  // String gets modified
	if (tempfd < 0) {
#ifdef DGDEBUG
		std::cerr << "Error creating temp file in writeMemoryTempFile." << std::endl;
#endif
		syslog(LOG_ERR, "%s", "Error creating temp file in writeMemoryTempFile.");
		return DGCS_ERROR;
	} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.