fedora 25
misc weakness #469

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

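Exactly what cuserid() does is poorly defined: some systems resolve the effective user ID and others the real user ID, so its result should not be trusted for security decisions.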

File Name:

facter-2.4.3/spec/fixtures/hpux/unistd.h

Context:

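The highlighted line of code below (the declaration of `cuserid`) is the trigger point of this particular Fedora 25 misc weakness. In this excerpt the line is a function prototype in a header, not a call to the function.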

 #   endif /* _REENTRANT */
#pragma extern  isatty, link
#   if !defined(__cplusplus) || !defined(_APP32_64BIT_OFF_T)
#     pragma extern lseek
#   endif /* !__cplusplus || !_APP32_64BIT_OFF_T */
#pragma builtin read
#pragma extern pathconf, pause, pipe, read, rmdir, setgid, setpgid
#pragma extern setsid, setuid, sleep, sysconf, tcgetpgrp, tcsetpgrp
#pragma extern ttyname  
#   ifdef _REENTRANT
#        pragma extern ttyname_r 
#   endif /* _REENTRANT */
#pragma builtin write
#pragma extern unlink, write, alarm, fork, getuid, geteuid, getgid
#pragma extern getegid, getpid, getpgrp, getppid 
#endif /* __ia64 && ! _LIBC */ 

     /*
      * Prototypes for process, file-descriptor and user-identity calls.
      * The __(( )) wrapper around each parameter list and the _LF_EXTERN
      * storage-class macro are defined outside this excerpt.
      * NOTE(review): __ presumably drops the prototype for pre-ANSI
      * compilers -- confirm against the top of the header.
      */
     extern void _exit __((int));
     extern int access __((const char *, int));
     extern int chdir __((const char *));
     extern int chown __((const char *, uid_t, gid_t));
     extern int close __((int));
     extern char *ctermid __((char *));
#ifdef _INCLUDE_XOPEN_SOURCE_PRE_600
     /*
      * cuserid is declared only when _INCLUDE_XOPEN_SOURCE_PRE_600 is
      * defined. This line is a declaration; no call appears in this
      * excerpt, so a scanner hit here marks the API, not a use of it.
      * Why static analyzers flag the function: implementations differ on
      * whether it resolves the real or the effective UID, and a non-NULL
      * buffer must hold at least L_cuserid bytes. Callers that need the
      * user name for a security decision should use getpwuid(geteuid()).
      */
     extern char *cuserid __((char *));
#endif /* _INCLUDE_XOPEN_SOURCE_PRE_600 */
     extern int dup __((int));
     extern int dup2 __((int, int));
     extern int execl __((const char *, const char *, ...));
     extern int execle __((const char *, const char *, ...));
     extern int execlp __((const char *, const char *, ...));
     extern int execv __((const char *, char *const []));
     extern int execve __((const char *, char *const [], char *const []));
     extern int execvp __((const char *, char *const []));
     extern long fpathconf __((int, int));
     extern char *getcwd __((char *, __size_t));
     extern int getgroups __((int, gid_t []));
     extern char *getlogin __((void));
     /*
      * getlogin_r is exposed only to _REENTRANT builds. Its length
      * parameter is __size_t by default and int when _PTHREADS_DRAFT4 is
      * defined, so the two variants are not source-compatible.
      */
#   ifdef _REENTRANT
#     ifndef _PTHREADS_DRAFT4
        extern int getlogin_r __((char *, __size_t));
#     else /* _PTHREADS_DRAFT4 */
        extern int getlogin_r __((char *, int));
#     endif /* _PTHREADS_DRAFT4 */
#   endif
     extern int isatty __((int));
     extern int link __((const char *, const char *));
     /*
      * lseek is declared here unless the unit is C++ with
      * _APP32_64BIT_OFF_T defined; that case is handled outside this
      * excerpt.
      */
#   if !defined(__cplusplus) || !defined(_APP32_64BIT_OFF_T)
     _LF_EXTERN off_t lseek __((int, off_t, int)); 
#   endif /* !__cplusplus || !_APP32_64BIT_OFF_T */ 
