Fedora 24
misc weakness #458

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

cvs-1.11.23/windows-NT/pwd.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 misc weakness.

struct passwd *
getpwnam (char *name)
{
  return (struct passwd *) 0;
}

/* return something like a groupname in a (butchered!) group structure. */
struct group *
getgrgid (int uid)
{
  gr.gr_name = getgr_name ();
  gr.gr_gid = 0;

  return &gr;
}

struct group *
getgrnam (char *name)
{
  return (struct group *) 0;
}

/* return something like a username. */
char *
getlogin ()
{
  /* This is how a windows user would override their login name. */
  if (!login)
    login = lookup_env (login_strings);

  /* In the absence of user override, ask the operating system. */
  if (!login)
    login = win32getlogin();

  /* If all else fails, fall back on Old Faithful. */
  if (!login)
    login = anonymous;

  return login;
}

/* return something like a group.  */
char *
getgr_name ()
{
  if (!group)			/* have we been called before? */
    group = lookup_env (group_strings);

  if (!group)			/* have we been successful? */
    group = anonymous; 
