alpine 3.9
misc weakness #448

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

gnats/src/gnats-4.2.0/gnats/client.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 misc weakness.

 	}

      if (*user == NULL && vals[3][0] != '\0')
	{
	  *user = vals[3];
	}
      else
	{
	  free (vals[3]);
	}

      if (*passwd == NULL && vals[4][0] != '\0')
	{
	  *passwd = vals[4];
	}
      else
	{
	  free (vals[4]);
	}
    }

  if (*user == NULL)
    {
      /* This is just wrong, but we'll live with it. XXX ??? !!! */
      char *lname = getlogin ();
      if (lname != NULL)
	{
	  *user = xstrdup (lname);
	}
      else
	{
	  struct passwd *p;

	  p = getpwuid (getuid ());
	  if (p != NULL)
	    {
	      *user = xstrdup (p->pw_name);
	    }
	}
    }

  if (*passwd == NULL)
    {
      *passwd = xstrdup ("*");
    }

  if (*database == NULL && ! is_net_conn)
    {
      *database = ((evar == NULL || evar[0] == '\0')
		   ? xstrdup ("default") 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.