alpine 3.7
misc weakness #425

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

libc0.9.32/src/uClibc-0.9.33.2/libc/unistd/getlogin.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 misc weakness.

/* vi: set sw=4 ts=4: */
/*
 * getlogin for uClibc
 * Copyright (C) 2000-2006 by Erik Andersen <andersen@uclibc.org>
 * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
 */

#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>


/* uClibc makes it policy to not mess with the utmp file whenever
 * possible, since I consider utmp a complete waste of time.  Since
 * getlogin() should never be used for security purposes, we kindly let
 * the user specify whatever they want via the LOGNAME environment
 * variable, or we return NULL if getenv() fails to find anything */

char * getlogin(void)
{
	return (getenv("LOGNAME"));
}
libc_hidden_def(getlogin)

int getlogin_r(char *name, size_t len)
{
	char * foo = getenv("LOGNAME");

	if (! foo)
		return -1;

	strncpy(name, foo, len);
	name[len-1] = '\0';
	return 0;
}

char *cuserid(char *s)
{
	char *name = getlogin();
	if (s) {
		return(strcpy(s, name ? name : ""));
	}
	return name;
}
