alpine 3.9
misc weakness #426

4

Weakness Breakdown

Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

inetutils-syslogd/src/inetutils-1.9.4/talk/get_names.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 misc weakness.

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <config.h>

#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <protocols/talkd.h>
#include <pwd.h>
#include <libinetutils.h>
#include <unistd.h>
#include "talk.h"

char *getlogin (void);
char *ttyname (int);
extern CTL_MSG msg;

/*
 * Determine the local and remote user, tty, and machines
 */
int
get_names (int argc, char *argv[])
{
  char *his_name, *my_name;
  char *my_machine_name, *his_machine_name;
  char *his_tty;
  register char *cp;

  /* Trigger point flagged above: getlogin () takes the login name from the
     utmp entry of the controlling tty, which need not be the user who
     started the program, may be missing, and may be truncated.  */
  if ((my_name = getlogin ()) == NULL)
    {
      struct passwd *pw;

      if ((pw = getpwuid (getuid ())) == NULL)
	{
	  printf ("You don't exist. Go away.\n");
	  exit (-1);
	}
      my_name = pw->pw_name;
    }
