centos 6
misc weakness #36


Weakness Breakdown


The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors. (Note: this is the generic description of CWE-732, Incorrect Permission Assignment for Critical Resource. It does not match the warning below, which is a "dangerous/obsolete function" finding about getpass() and has nothing to do with resource permissions; treat the category label on this page as mis-assigned.)

Warning code(s):

This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data. For the getpass() implementation listed below this means two things in practice: make the behaviour explicit (here the prompt goes to stderr and input is read from the console with _getch()), and erase the cleartext password as soon as it has been used — as written, the password is handed back to the caller in ordinary heap memory and nothing in the function itself clears it.

File Name: (not recorded on this page; the listing's own comment identifies it as Git's MinGW compatibility code)



The code below contains the trigger point of this particular CentOS 6 misc weakness. The highlighting did not survive extraction: the warning applies to the getpass() definition; the neighbouring link() and mingw_DIR listings are surrounding context, not part of the finding. Note also that the listing has lost its braces (and, in getpass(), the loop-exit statement), so it is not compilable as shown.


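/*
 * POSIX link(2) emulation for Windows: create a hard link named newpath
 * that refers to the existing file oldpath.
 *
 * CreateHardLinkA is resolved at run time so the binary still loads on
 * Windows versions that do not export it. The lookup result is cached in a
 * function-local static; (T)-1 records "looked up, not available" so the
 * lookup is not repeated on every call. GetModuleHandle() only returns the
 * already-mapped kernel32 and never searches the DLL path, so this lookup is
 * not exposed to DLL planting. The static is written without
 * synchronization — fine for single-threaded use, TODO confirm if called
 * from several threads.
 *
 * Returns 0 on success, -1 with errno set on failure: ENOSYS when the API is
 * unavailable, otherwise the Win32 error translated by err_win_to_posix().
 */
int link(const char *oldpath, const char *newpath)
{
	typedef BOOL (WINAPI *T)(const char*, const char*, LPSECURITY_ATTRIBUTES);
	static T create_hard_link = NULL;

	if (!create_hard_link) {
		create_hard_link = (T) GetProcAddress(
			GetModuleHandle("kernel32.dll"), "CreateHardLinkA");
		if (!create_hard_link)
			create_hard_link = (T)-1;
	}
	if (create_hard_link == (T)-1) {
		errno = ENOSYS;
		return -1;
	}
	/*
	 * Win32 argument order is (new link name, existing file) — the
	 * reverse of link(2). The third parameter is reserved by the API
	 * and must be NULL; a hard link shares the target's security
	 * descriptor, so no separate permissions are assigned here.
	 */
	if (!create_hard_link(newpath, oldpath, NULL)) {
		errno = err_win_to_posix(GetLastError());
		return -1;
	}
	return 0;
}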

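/*
 * Read a password from the console without echo, in the style of the
 * (obsolete, non-portable) POSIX getpass(3).
 *
 * prompt is written to stderr; raw keystrokes are then collected with
 * _getch() until Enter ('\r' or '\n') is seen, a newline is echoed to
 * stderr, and the accumulated bytes are returned as a heap string that the
 * caller owns and must free.
 *
 * NOTE(review): the cleartext password is returned in ordinary heap memory
 * and nothing here erases it — the caller must clear it as soon as it has
 * been used. The strbuf grows by reallocation as characters arrive, so
 * partial copies of the input may also be left behind in freed heap blocks
 * (TODO confirm against strbuf's growth policy).
 * NOTE(review): no editing keys are handled. A backspace (0x08) is stored
 * as a password byte instead of deleting the previous one, and extended
 * keys that _getch() reports as a two-call sequence are stored as two bytes.
 * Callers relying on this for interactive use should be aware that a typo
 * cannot be corrected.
 */
char *getpass(const char *prompt)
{
	struct strbuf buf = STRBUF_INIT;

	fputs(prompt, stderr);
	for (;;) {
		char c = _getch();
		if (c == '\r' || c == '\n')
			break;	/* Enter terminates the password */
		strbuf_addch(&buf, c);
	}
	fputs("\n", stderr);
	return strbuf_detach(&buf, NULL);
}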

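/*
 * MinGW readdir implementation to avoid extra lstats for Git.
 *
 * Directory stream state for the MinGW readdir() replacement. It wraps the
 * _findfirst/_findnext enumeration and carries our own dirent so that
 * d_type can be reported (presumably filled from dd_dta — confirm against
 * the readdir code) without an lstat() per entry.
 *
 * Instances are allocated with extra room after dd_name for the directory
 * path plus search pattern (see the trailing comment). dd_name[1] is a
 * pre-C99 "struct hack": sizeof(struct mingw_DIR) does NOT cover the name,
 * so every allocation site must add the string length (and terminator)
 * itself, and nothing may store a mingw_DIR by value. It is deliberately
 * left as [1] rather than a C99 flexible array member, because changing it
 * alters sizeof and therefore every such allocation.
 */
struct mingw_DIR
{
	struct _finddata_t	dd_dta;		/* disk transfer area for this dir */
	struct mingw_dirent	dd_dir;		/* Our own implementation, including d_type */
	long			dd_handle;	/* _findnext handle */
	int			dd_stat; 	/* 0 = next entry to read is first entry, -1 = off the end, positive = 0 based index of next entry */
	char			dd_name[1]; 	/* given path for dir with search pattern (struct is extended) */
};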
