alpine 3.6
access weakness #495

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

dansguardian/src/dansguardian-2.12.0.3/src/FatController.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 	pid_t pid;
	if ((pid = fork()) < 0) {
		// Error!!
		close(nullfd);
		return false;
	}
	else if (pid != 0) {
		// parent goes...
		if (nullfd != -1) {
			close(nullfd);
		}

		// bye-bye
		exit(0);
	}

	// child continues
	dup2(nullfd, 0);  // stdin
	dup2(nullfd, 1);  // stdout
	dup2(nullfd, 2);  // stderr
	close(nullfd);

	setsid();  // become session leader
	int dummy = chdir("/");  // change working directory
	umask(0);  // clear our file mode creation mask

	is_daemonised = true;

	return true;
}


// *
// *
// *  child process code
// *
// *

// prefork specified num of children and set them handling connections
int prefork(int num)
{
	if (num < waitingfor) {
		return 3;  // waiting for forks already
	}
#ifdef DGDEBUG
	std::cout << "attempting to prefork:" << num << std::endl;
#endif
	int sv[2];
	pid_t child_pid;
	while (num--) { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.