Fedora 23
Misc weakness #274

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

stevedekorte-io-f62cceb/addons/User/source/IoUser.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 misc weakness.

 
	char *userName = (char *)getlogin();

	if (userName == NULL)
	{
		userName = getenv("LOGNAME");
	}

	if (userName == NULL)
	{
		return IONIL(self);
	}

	return IOSYMBOL(userName);
}

#define IODIRECTORY(path) IoDirectory_newWithPath_(IOSTATE, IOSYMBOL(path));

IoObject *IoUser_homeDirectory(IoUser *self, IoObject *locals, IoMessage *m)
{
	/*doc User homeDirectory
	Returns the current user's home directory as a Directory object.
*/

	char *login = (char *)getlogin();
	//IoSymbol *homePath;

	if (login)
	{
		struct passwd *pw = getpwnam(login);

		if (pw && pw->pw_dir)
		{
			return IODIRECTORY(pw->pw_dir);
		}
	}

	{
		char *path = getenv("HOME");

		if (path)
		{
			return IODIRECTORY(path);
		}
		else
		{
			return IODIRECTORY("~");
		}
	}
} 
