fedora 23
misc weakness #272


Weakness Breakdown


The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data.

File Name:



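The highlighted line of code below is the trigger point of this particular Fedora 23 misc weakness. (The highlighting is not preserved in this text; the warning above appears to describe `getpass`, so the trigger is most likely the `char* getpass(char *prompt);` declaration.)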

 /*
  * Login-name accessors.
  * getlogin_r() takes a caller-supplied buffer and its size (name_len);
  * setlogin() takes the login name to set.
  * NOTE(review): setlogin() declares `name` as non-const -- presumably a
  * convention of this declaration file; confirm the callee never writes
  * through it.
  */
 int     getlogin_r(char *name, size_t name_len);
int     setlogin(char *name);

/*
 * Host and domain identity.
 * The get* calls fill a caller-supplied buffer of `len` bytes; the set*
 * calls and sethostid() change system-wide identity and normally require
 * privilege, so callers should check the return value rather than assume
 * the change took effect.
 * NOTE(review): a name that does not fit in `len` may come back truncated
 * and without a terminator on some systems -- callers should terminate the
 * buffer themselves; confirm against the target libc.
 */
int gethostname(char *name, size_t len);
int sethostname(char *name, size_t len);
int sethostid(long id);
int getdomainname(char *name, size_t len);
int setdomainname(char *name, size_t len);

/*
 * Administrative calls: terminal hangup, revoking access to a file,
 * execution-time profiling, and process accounting (acct() takes the name
 * of the accounting file). These are normally restricted to privileged
 * processes; a failing return value must not be ignored.
 */
int vhangup();
int revoke(char *file);
int profil(u_short *sample_buffer, size_t __size, size_t offset, u_int scale);
int acct(char *name);

/*
 * Enumeration of the system's permitted login shells: getusershell()
 * returns the next entry, setusershell() rewinds the list and
 * endusershell() closes it.
 * NOTE(review): the returned pointer is library-owned on common libcs --
 * callers should copy it before the next call; confirm for the target.
 */
char *getusershell();
void endusershell();
void setusershell();

/* Process, filesystem-root, credential-prompt and system-information calls. */
int   daemon(int nochdir, int noclose);
/*
 * chroot() changes the root directory only. It does not change the working
 * directory and is not a containment boundary on its own: callers should
 * chdir into the new root afterwards and drop privileges before handling
 * untrusted input.
 */
int   chroot(char *path);
/*
 * getpass() is obsolete and not portable (present in SUSv2, later removed
 * from POSIX); where the prompt is shown and where the input is read from
 * differ between systems. New code that reads a secret should disable
 * terminal echo itself (termios), read into a buffer it owns, and clear
 * that buffer after use.
 * NOTE(review): the warning text on this report matches this declaration --
 * presumably this is the flagged line; confirm against the original report.
 */
char* getpass(char *prompt);
int   fsync(int fd);
long  gethostid();
void  sync();
int   getpagesize();
int   getdtablesize();

/*
 * Set a file's length. truncate()/truncate64() name the file by path, so
 * the path is resolved at call time; ftruncate()/ftruncate64() act on an
 * already-open descriptor, which avoids a second path lookup when the
 * caller has already checked the file. The *64 variants take a 64-bit
 * offset type.
 */
int truncate(char *file, __off_t length);
int truncate64(char *file, __off64_t length);
int ftruncate(int fd, __off_t length);
int ftruncate64(int fd, __off64_t length);

/*
 * Program-break adjustment and the raw system-call entry point.
 * NOTE(review): sbrk() is declared with an unsigned `delta` here, whereas
 * libc's sbrk takes a signed increment -- confirm that shrinking the break
 * is not expected through this declaration.
 * NOTE(review): syscall() carries a default argument (`= SYSCALL_NO`),
 * which plain C does not allow -- presumably this file is an interface
 * description rather than a C header; TODO confirm.
 */
int   brk(void *addr);
void* sbrk(u_int delta);
long  syscall(long sysno = SYSCALL_NO);

/*
 * lockf()/lockf64() apply the lock operation `cmd` to `len` bytes of the
 * open file `fd` (the *64 variant takes a 64-bit length type);
 * fdatasync() flushes the data of the file open on `fildes`.
 * NOTE(review): lockf locks are advisory on common systems -- they only
 * constrain processes that also take the lock; confirm for the target.
 */
int   lockf(int fd, int cmd, __off_t len);
int   lockf64(int fd, int cmd, __off64_t len);
int   fdatasync(int fildes);

/*
 * crypt() hashes `key` according to `salt`; the hashing scheme and its
 * strength are selected by the salt string and the platform's
 * implementation, so callers should verify that a current scheme is in use
 * and must check the returned pointer before using it.
 * encrypt() is the legacy DES block interface (edflag selects the
 * direction) and is not suitable for protecting new data.
 * NOTE(review): `key` is non-const here; callers should clear key material
 * once the call returns.
 */
char* crypt(char *key, char *salt);
void  encrypt(char *block, int edflag);

