alpine 3.9
misc weakness #434

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

ckermit/src/ckufio.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 misc weakness.

 
    if (ruid != -1)
      return(realname);

    ruid = real_uid();                  /* get our uid */
    debug(F101,"whoami ruid B","",ruid);
    if (ruid < 0) ruid = getuid();
    debug(F101,"whoami ruid C","",ruid);

  /* how about $ USER or $ LOGNAME? */
    if ((c = getenv(NAMEENV)) != NULL) { /* check the env variable */
        ckstrncpy(envname, c, 255);
	debug(F110,"whoami envname",envname,0);
        if ((p = getpwnam(envname)) != NULL) {
            if (p->pw_uid == ruid) {    /* get passwd entry for envname */
                ckstrncpy(realname, envname, UIDBUFLEN); /* uid's are same */
		debug(F110,"whoami realname",realname,0);
                return(realname);
            }
        }
    }

  /* can we use loginname() ? */

    if ((c =  getlogin()) != NULL) {    /* name from utmp file */
        ckstrncpy (loginname, c, UIDBUFLEN);
	debug(F110,"whoami loginname",loginname,0); 
        if ((p = getpwnam(loginname)) != NULL) /* get passwd entry */
          if (p->pw_uid == ruid)        /* for loginname */
            ckstrncpy(realname, envname, UIDBUFLEN); /* if uid's are same */
    }

  /* Use first name we get for ruid */

    if ((p = getpwuid(ruid)) == NULL) { /* name for uid */
	debug(F101,"whoami no username for ruid","",ruid); 
        realname[0] = '\0';             /* no user name */
        ruid = -1;
        return(NULL);
    }
    ckstrncpy(realname, p->pw_name, UIDBUFLEN);
    debug(F110,"whoami realname from getpwuid",realname,0);
    return(realname);
#else
    return(NULL);
#endif /* DTILDE */
}

/*  T I L D E _ E X P A N D  --  expand ~user to the user's home directory. */
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.