alpine 3.7
misc weakness #416


Weakness Breakdown


The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.7 misc weakness.

 #ifdef __GNUC__
/* Mingw32 defaults to globing command line
 * So we turn it off like this:
int _CRT_glob = 0;

#if defined(__MINGW32__) && (__MINGW32_MAJOR_VERSION==1)	
/* Mingw32-1.1 is missing some prototypes */
FILE * _wfopen(LPCWSTR wszFileName, LPCWSTR wszMode);
FILE * _wfdopen(int nFd, LPCWSTR wszMode);
FILE * _freopen(LPCWSTR wszFileName, LPCWSTR wszMode, FILE * pOldStream);
int _flushall();
int _fcloseall();

#define EXECF_EXEC 1
#define EXECF_SPAWN 2

#if defined(PERL_IMPLICIT_SYS)
#  undef getlogin
#  define getlogin g_getlogin

/* VS2005 (MSC version 14) provides a mechanism to set an invalid
 * parameter handler.  This functionality is not available in the
 * 64-bit compiler from the Platform SDK, which unfortunately also
 * believes itself to be MSC version 14.
 * There is no #define related to _set_invalid_parameter_handler(),
 * but we can check for one of the constants defined for
 * _set_abort_behavior(), which was introduced into stdlib.h at
 * the same time.

#if _MSC_VER >= 1400 && defined(_WRITE_ABORT_MSG)

static BOOL	set_silent_invalid_parameter_handler(BOOL newvalue);
static void	my_invalid_parameter_handler(const wchar_t* expression,
			const wchar_t* function, const wchar_t* file,
			unsigned int line, uintptr_t pReserved);

#ifndef WIN32_NO_REGISTRY 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.