The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.
It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.
util-linux-2.23.2/misc-utils/logger.c
The highlighted line of code below is the trigger point of this particular Centos 7 misc weakness.
freeaddrinfo(res);
continue;
}
if (connect(fd, res->ai_addr, res->ai_addrlen) == -1) {
freeaddrinfo(res);
close(fd);
continue;
}
freeaddrinfo(res);
break;
}
if (i == 0)
errx(EXIT_FAILURE, _("failed to connect %s port %s"), servername, p);
return fd;
}
static char const *xgetlogin(void)
{
char const *cp;
struct passwd *pw;
if (!(cp = getlogin()) || !*cp)
cp = (pw = getpwuid(geteuid()))? pw->pw_name : "<someone>";
return cp;
}
static void
mysyslog(int fd, int logflags, int pri, char *tag, char *msg) {
char *buf, pid[30], *tp;
const char *cp;
time_t now;
if (fd > -1) {
if (logflags & LOG_PID)
snprintf (pid, sizeof(pid), "[%d]", getpid());
else
pid[0] = 0;
cp = tag ? tag : xgetlogin();
(void)time(&now);
tp = ctime(&now)+4;
xasprintf(&buf, "<%d>%.15s %.200s%s: %s",
pri, tp, cp, pid, msg);
write_all(fd, buf, strlen(buf)+1);
free(buf);
}