alpine 3.9
misc weakness #449

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

cvs/src/cvs-1.11.23/windows-NT/pwd.c

Context:

The trigger point of this particular Alpine 3.9 misc weakness is the getlogin () call inside getpwuid in the code below.

   "LOGIN", "USER", "MAILNAME", (char *) 0
};

static char *group_strings[] =
{
  "GROUP", (char *) 0
};


static char *anonymous = "anonymous";	/* if all else fails ... */

static char *home_dir = ".";	/* we feel (no|every)where at home */
static char *login_shell = "not command.com!";

static char *login = (char *) 0;/* cache the names here	*/
static char *group = (char *) 0;

static struct passwd pw;	/* should we return a malloc()'d structure   */
static struct group gr;		/* instead of pointers to static structures? */

/* return something like a username in a (butchered!) passwd structure. */
struct passwd *
getpwuid (int uid)
{
  pw.pw_name = getlogin ();
  pw.pw_dir = home_dir;
  pw.pw_shell = login_shell;
  pw.pw_uid = 0;

  return &pw;
}

struct passwd *
getpwnam (char *name)
{
  return (struct passwd *) 0;
}

/* return something like a groupname in a (butchered!) group structure. */
struct group *
getgrgid (int uid)
{
  gr.gr_name = getgr_name ();
  gr.gr_gid = 0;

  return &gr;
}

struct group *
getgrnam (char *name) 
