centos 7
misc weakness #393

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

cvs-1.11.23/os2/pwd.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 misc weakness.

 struct passwd *
getpwnam (char *name)
{
  return (struct passwd *) 0;
}

/* return something like a groupname in a (butchered!) group structure. */
struct group *
getgrgid (int uid)
{
  gr.gr_name = getgr_name ();
  gr.gr_gid = 0;

  return &gr;
}

struct group *
getgrnam (char *name)
{
  return (struct group *) 0;
}

/* return something like a username. */
char *
getlogin ()
{
  if (!login)			/* have we been called before? */
    login = lookup_env (login_strings);

  if (!login)			/* have we been successful? */
    login = anonymous;

  return login;
}

/* return something like a group.  */
char *
getgr_name ()
{
  if (!group)			/* have we been called before? */
    group = lookup_env (group_strings);

  if (!group)			/* have we been successful? */
    group = anonymous;

  return group;
}

/* return something like a uid.  */
int 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.