alpine 3.7
misc weakness #440

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

ruby/src/ruby-2.4.6/file.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 misc weakness.

 VALUE
rb_home_dir_of(VALUE user, VALUE result)
{
#ifdef HAVE_PWD_H
    struct passwd *pwPtr;
#else
    extern char *getlogin(void);
    const char *pwPtr = 0;
    # define endpwent() ((void)0)
#endif
    const char *dir, *username = RSTRING_PTR(user);
    rb_encoding *enc = rb_enc_get(user);
#if defined _WIN32
    rb_encoding *fsenc = rb_utf8_encoding();
#else
    rb_encoding *fsenc = rb_filesystem_encoding();
#endif
    if (enc != fsenc) {
        dir = username = RSTRING_PTR(rb_str_conv_enc(user, enc, fsenc));
    }

#ifdef HAVE_PWD_H
    pwPtr = getpwnam(username);
#else
    if (strcasecmp(username, getlogin()) == 0)
	dir = pwPtr = getenv("HOME");
#endif
    if (!pwPtr) {
	endpwent();
	rb_raise(rb_eArgError, "user %"PRIsVALUE" doesn't exist", user);
    }
#ifdef HAVE_PWD_H
    dir = pwPtr->pw_dir;
#endif
    copy_home_path(result, dir);
    endpwent();
    return result;
}

#ifndef _WIN32
VALUE
rb_default_home_dir(VALUE result)
{
    const char *dir = getenv("HOME");

#if defined HAVE_PWD_H
    if (!dir) {
	const char *login = getlogin();
	if (login) {
	    struct passwd *pw = getpwnam(login); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.