alpine 3.7
misc weakness #433

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data.

File Name:

inetutils-syslogd/src/inetutils-1.9.4/lib/getpass.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 misc weakness.

/* Copyright (C) 2004, 2009-2015 Free Software Foundation, Inc.
   Contributed by Simon Josefsson <jas@extundo.com>, 2004.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3, or (at your option)
   any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, see <http://www.gnu.org/licenses/>.  */

#ifndef GETPASS_H
# define GETPASS_H

/* Get getpass declaration, if available.  */
# include <unistd.h>

# if !HAVE_DECL_GETPASS
/* Read a password of arbitrary length from /dev/tty or stdin.  */
char *getpass (const char *prompt);

# endif

#endif /* GETPASS_H */ 
