alpine 3.6
access weakness #499


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

         dmn_log_fatal("close() of status pipe read-side failed in first child: %s", dmn_strerror(errno));

    // setsid() and ignore HUP/PIPE before the second fork
    if(setsid() == -1) dmn_log_fatal("setsid() failed: %s", dmn_strerror(errno));
    struct sigaction sa;
    sa.sa_flags = 0;
    sa.sa_handler = SIG_IGN;

    if(sigaction(SIGHUP, &sa, NULL))
        dmn_log_fatal("sigaction to ignore SIGHUP failed: %s", dmn_strerror(errno));

    if(sigaction(SIGPIPE, &sa, NULL))
        dmn_log_fatal("sigaction to ignore SIGPIPE failed: %s", dmn_strerror(errno));

    // Fork again.  This time the intermediate parent exits immediately.
    const pid_t second_fork_pid = fork();
    if(second_fork_pid == -1)
        dmn_log_fatal("fork() failed: %s", dmn_strerror(errno));
    if(second_fork_pid) // intermediate parent proc

    // we're now in the final child daemon


    const pid_t pid = startup_pidrace(pidfile, restart);

    if(!freopen("/dev/null", "r", stdin))
        dmn_log_fatal("Cannot open /dev/null: %s", dmn_strerror(errno));
    if(!freopen("/dev/null", "w", stdout))
        dmn_log_fatal("Cannot open /dev/null: %s", dmn_strerror(errno));
    if(!freopen("/dev/null", "r+", stderr))
        dmn_log_fatal("Cannot open /dev/null: %s", dmn_strerror(errno));
    dmn_log_info("Daemonized, final pid is %li", (long)pid);

    // track fd for later dmn_daemonize_finish()
    status_finish_fd = statuspipe[1];

void dmn_daemonize_finish(void) {
    dmn_assert(status_finish_fd != -1);

    // inform original parent of our success, but if for some reason
    //   it died before we could do so, carry on anyways...
    errno = 0;
    char successchar = '$';
    if(1 != write(status_finish_fd, &successchar, 1))
        dmn_log_err("Bug? failed to notify parent of daemonization success! Errno was %s", dmn_strerror(errno));
