alpine 3.6
access weakness #75

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

pptpd/src/pptpd-1.4.0/pptpd.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

                 new_argv[0] = PPTPD_BIN;
                new_argv[1] = "-f";
                execve(PPTPD_BIN, new_argv, environ);
                _exit(1);
        } else if (pid > 0) {
                exit(0);
        } else {
                syslog_perror("vfork");
                exit(1);
        }
#else
        int pid;

        closelog();
        if ((pid = fork()) < 0) {
                syslog_perror("fork");
                exit(1);
        } else if (pid)
                exit(0);
        if (freopen("/dev/null", "r", stdin) == NULL) {
                syslog_perror("freopen");
        }
        SETSIDPGRP();
        chdir("/");
        umask(0);
        /* pid will have changed */
        openlog("pptpd", LOG_PID, PPTP_FACILITY);
#endif
}
#endif

/* added for hostname/address lookup    -tmk
 * returns NULL if not a valid hostname
 */
static char *lookup(char *hostname)
{
        struct hostent *ent;
        struct in_addr hst_addr;

        /* Try to parse IP directly */
        if (inet_addr(hostname) != -1)
                return hostname;

        /* Else lookup hostname, return NULL if it fails */
        if ((ent = gethostbyname(hostname)) == NULL)
                return NULL;

        /* That worked, print it back as a dotted quad. */
        memcpy(&hst_addr.s_addr, ent->h_addr, ent->h_length);
        return inet_ntoa(hst_addr); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.