fedora 24
misc weakness #471

4

Weakness Breakdown

Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):
CWE-676CWE-120CWE-20

This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data.

File Name:

dietlibc/include/unistd.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 misc weakness.

 int setreuid(uid_t ruid, uid_t euid) __THROW;
#define seteuid(euid) setreuid(-1,euid)
#define setegid(egid) setregid(-1,egid)

int truncate(const char *path, off_t length) __THROW;
int ftruncate(int fd, off_t length) __THROW;
#if __WORDSIZE == 32
int truncate64(const char *path, loff_t length) __THROW;
int ftruncate64(int fd, loff_t length) __THROW;
#endif

int nice(int inc) __THROW;

char *crypt(const char *key, const char *salt) __THROW;
void encrypt(char block[64], int edflag) __THROW;
void setkey(const char *key) __THROW;

size_t getpagesize(void) __THROW __attribute__((__const__,__pure__));

int getdomainname(char *name, size_t len) __THROW;
int setdomainname(const char *name, size_t len) __THROW;

int getgroups(int size, gid_t list[]) __THROW;
int getdtablesize(void) __THROW;
char *getpass(const char * prompt) __THROW;

/* warning: linux specific: */
int llseek(int fildes, unsigned long hi, unsigned long lo, loff_t* result,int whence) __THROW;

/* include <linux/sysctl.h> to get all the definitions! */
struct __sysctl_args;
int _sysctl(struct __sysctl_args *args) __THROW;

#define _CS_PATH 1
size_t confstr(int name,char*buf,size_t len) __THROW;

#define _SC_CLK_TCK 1
#define _SC_ARG_MAX 2
#define _SC_NGROUPS_MAX 3
#define _SC_OPEN_MAX 4
#define _SC_PAGESIZE 5
#define _SC_NPROCESSORS_ONLN 6
#define _SC_NPROCESSORS_CONF _SC_NPROCESSORS_ONLN
#define _SC_PHYS_PAGES 7
#define _SC_GETPW_R_SIZE_MAX 8
#define _SC_GETGR_R_SIZE_MAX 9
long sysconf(int name) __THROW;
#define _PC_PATH_MAX 1
#define _PC_VDISABLE 2
polyverse small logo
Products
Polymorphing for Linux
Polymorphing for Embedded/IOT
Polyscripting
Polyscripting for WordPress
Build Farm for Gov.
Resources
Linux Weakness Report
Demos
Documentation
Resource Library
Webinars
Blogs
FAQ
Pricing
How to Buy
Partners
Free Trial
Contact Us
Company
About Us
Newsroom
Careers

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

© 2020 Polyverse