fedora 24
misc weakness #461


Weakness Breakdown


The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 24 misc weakness.

   "LOGIN", "USER", "MAILNAME", (char *) 0

static char *group_strings[] =
  "GROUP", (char *) 0

static char *anonymous = "anonymous";	/* if all else fails ... */

static char *home_dir = ".";	/* we feel (no|every)where at home */
static char *login_shell = "not cmd.exe!";

static char *login = (char *) 0;/* cache the names here	*/
static char *group = (char *) 0;

static struct passwd pw;	/* should we return a malloc()'d structure   */
static struct group gr;		/* instead of pointers to static structures? */

/* return something like a username in a (butchered!) passwd structure. */
struct passwd *
getpwuid (int uid)
  pw.pw_name = getlogin ();
  pw.pw_dir = home_dir;
  pw.pw_shell = login_shell;
  pw.pw_uid = 0;

  return &pw;

struct passwd *
getpwnam (char *name)
  return (struct passwd *) 0;

/* return something like a groupname in a (butchered!) group structure. */
struct group *
getgrgid (int uid)
  gr.gr_name = getgr_name ();
  gr.gr_gid = 0;

  return &gr;

struct group *
getgrnam (char *name) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.