alpine 3.6
access weakness #83


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.


static long safe_strtol(char const *nptr, char const **endptr, int base)
	long rv;

	errno = 0;

	rv = strtol(nptr, (char**)endptr, 10);

	if (errno == ERANGE) {
		return 0;

	return rv;

static void safe_mkdir(command_t *cmd, char const *path)
	int status;
	mode_t old_umask;

	old_umask = umask(0);

	status = mkdir(path);
	status = mkdir(path, ~old_umask);
	if ((status < 0) && (errno != EEXIST)) {
		NOTICE("Warning: mkdir of %s failed\n", path);

/** Returns a file's name without the path
 * @param path to break apart.
 * @return pointer in path.
static char const *file_name(char const *path)
	char const *name;

	name = strrchr(path, '/');
	if (!name) {
		name = strrchr(path, '\\'); 	/* eww windows? */
	if (!name) { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.