centos 7
misc weakness #407

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin(). Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin(). When the identity of the invoking user matters, derive it from the process's own credentials instead, for example getpwuid(getuid()).

File Name:

slang-2.2.4/src/curses/bs.c

Context:

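The highlighted line of code below is the trigger point of this particular CentOS 7 misc weakness. The highlighting is not preserved in this listing; going by the warning above, the flagged line is the getlogin() call in intro(), `if((tmpname = getlogin()) != 0)`. In the lines shown, the returned string is copied into `name` with strcpy() and its first character is upper-cased; the size of `name` is not visible in this excerpt, so whether that copy is bounded cannot be confirmed from here.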

 {
    if (salvo || blitz || closepack)
    {
	(void) printw("Playing optional game (");
	if (salvo)
	    (void) printw("salvo, ");
	else
	    (void) printw("nosalvo, ");
	if (blitz)
	    (void) printw("blitz ");
	else
	    (void) printw("noblitz, ");
	if (closepack)
	    (void) printw("closepack)");
	else
	    (void) printw("noclosepack)");
    }
    else
	(void) printw(
	"Playing standard game (noblitz, nosalvo, noclosepack)");
}

static void intro(void)
{
    extern char *getlogin(void);
    char *tmpname;

    srand((unsigned)(time(0L)+getpid()));	/* Kick the random number generator */

    (void) signal(SIGINT,uninitgame);
    (void) signal(SIGINT,uninitgame);
    (void) signal(SIGIOT,uninitgame);		/* for assert(3) */
    if(signal(SIGQUIT,SIG_IGN) != SIG_IGN)
	(void)signal(SIGQUIT,uninitgame);

    if((tmpname = getlogin()) != 0)
    {
	(void)strcpy(name,tmpname);
	name[0] = toupper(name[0]);
    }
    else
	(void)strcpy(name,dftname);

    (void)initscr();
#ifdef KEY_MIN
    keypad(stdscr, TRUE);
#endif /* KEY_MIN */
    (void)saveterm();
    (void)nonl();
    (void)cbreak(); 
