Fedora 23
misc weakness #273


Weakness Breakdown


The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

Exactly what cuserid.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 23 misc weakness.

int             fseeko64(FILE *stream, __off64_t off, int whence);
__off64_t       ftello64(FILE *stream);

int fgetpos64(FILE *stream, fpos64_t *pos);
int fsetpos64(FILE *stream, fpos64_t *pos);

void clearerr(FILE *stream);
int  feof(FILE *stream);
int  ferror(FILE *stream);
void clearerr_unlocked(FILE *stream);
int  feof_unlocked(FILE *stream);
int  ferror_unlocked(FILE *stream);

void perror(char *s);

int     fileno(FILE *stream);
int     fileno_unlocked(FILE *stream);
FILE*   popen(char *command, char *modes);
int     pclose(FILE *stream);
char*   ctermid(char *s);
char*   cuserid(char *s);

int  obstack_printf(void *obstack, char *format);
int  obstack_vprintf(void *obstack, char *format);
void flockfile(FILE *stream);
int  ftrylockfile(FILE *stream);
void funlockfile(FILE *stream);
