alpine 3.6
access weakness #516

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

fakeroot/src/fakeroot-1.21/libfakeroot.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

   mode |= 0600;
  if(S_ISDIR(st.st_mode))
    mode |= 0100;

  r=next_fchmodat(dir_fd, path, mode, flags);
  if(r&&(errno==EPERM))
    r=0;
#ifdef EFTYPE		/* available under FreeBSD kernel */
  if(r&&(errno==EFTYPE))
    r=0;
#endif
  return r;
}
#endif /* HAVE_FCHMODAT */
#endif /* HAVE_FSTATAT */

int WRAP_MKNOD MKNOD_ARG(int ver UNUSED,
			 const char *pathname,
			 mode_t mode, dev_t XMKNOD_FRTH_ARG dev)
{
  INT_STRUCT_STAT st;
  mode_t old_mask=umask(022);
  int fd,r;

  umask(old_mask);

  /*Don't bother to mknod the file, that probably doesn't work.
    just create it as normal file, and leave the premissions
    to the fakemode.*/

  fd=open(pathname, O_WRONLY|O_CREAT|O_TRUNC, 00644);

  if(fd==-1)
    return -1;

  close(fd);
  /* get the inode, to communicate with faked */

  r=INT_NEXT_LSTAT(pathname, &st);

  if(r)
    return -1;

  st.st_mode= mode & ~old_mask;
  st.st_rdev= XMKNOD_FRTH_ARG dev;

  INT_SEND_STAT(&st,mknod_func);

  return 0;
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.