centos 7
misc weakness #406

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

util-linux-2.23.2/misc-utils/logger.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 misc weakness.

 			freeaddrinfo(res);
			continue;
		}
		if (connect(fd, res->ai_addr, res->ai_addrlen) == -1) {
			freeaddrinfo(res);
			close(fd);
			continue;
		}

		freeaddrinfo(res);
		break;
	}

	if (i == 0)
		errx(EXIT_FAILURE, _("failed to connect %s port %s"), servername, p);

	return fd;
}

static char const *xgetlogin(void)
{
	char const *cp;
	struct passwd *pw;

	if (!(cp = getlogin()) || !*cp)
		cp = (pw = getpwuid(geteuid()))? pw->pw_name : "<someone>";
	return cp;
}

static void
mysyslog(int fd, int logflags, int pri, char *tag, char *msg) {
       char *buf, pid[30], *tp;
       const char *cp;
       time_t now;

       if (fd > -1) {
               if (logflags & LOG_PID)
                       snprintf (pid, sizeof(pid), "[%d]", getpid());
	       else
		       pid[0] = 0;
	       cp = tag ? tag : xgetlogin();
               (void)time(&now);
	       tp = ctime(&now)+4;

               xasprintf(&buf, "<%d>%.15s %.200s%s: %s",
			pri, tp, cp, pid, msg);

	       write_all(fd, buf, strlen(buf)+1);
	       free(buf);
       } 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.