fedora 25
misc weakness #451

4

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

Gauche-0.9.4/src/libsys.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 misc weakness.

 break;}}}
if ((errno)==(EINVAL)){
(size)+=(size);
pglist=(SCM_NEW_ATOMIC_ARRAY(gid_t,size));} else {
Scm_SysError("getgroups failed");}}}}
SCM_RETURN(SCM_OBJ_SAFE(SCM_RESULT));
}
  }
}

static SCM_DEFINE_SUBRX(libsyssys_getgroups__STUB, 0, 0,0, SCM_OBJ(&scm__sc.d1284[8]),SCM_SUBR_IMMEDIATE_ARG, libsyssys_getgroups, NULL, NULL);

#endif /* !defined(GAUCHE_WINDOWS) */
static ScmObj libsyssys_getlogin(ScmObj *SCM_FP, int SCM_ARGCNT, void *data_)
{
  ScmObj SCM_SUBRARGS[0];
  int SCM_i;
  SCM_ENTER_SUBR("sys-getlogin");
  for (SCM_i=0; SCM_i<0; SCM_i++) {
    SCM_SUBRARGS[SCM_i] = SCM_ARGREF(SCM_i);
  }
  {
{
const char * SCM_RESULT;
SCM_RESULT=(getlogin());
SCM_RETURN(SCM_MAKE_MAYBE(SCM_MAKE_STR_COPYING, SCM_RESULT));
}
  }
}

static SCM_DEFINE_SUBRX(libsyssys_getlogin__STUB, 0, 0,0, SCM_OBJ(&scm__sc.d1235[296]),SCM_SUBR_IMMEDIATE_ARG, libsyssys_getlogin, NULL, NULL);

static ScmObj libsyssys_link(ScmObj *SCM_FP, int SCM_ARGCNT, void *data_)
{
  ScmObj existing_scm;
  const char * existing;
  ScmObj newpath_scm;
  const char * newpath;
  ScmObj SCM_SUBRARGS[2];
  int SCM_i;
  SCM_ENTER_SUBR("sys-link");
  for (SCM_i=0; SCM_i<2; SCM_i++) {
    SCM_SUBRARGS[SCM_i] = SCM_ARGREF(SCM_i);
  }
  existing_scm = SCM_SUBRARGS[0];
  if (!SCM_STRINGP(existing_scm)) Scm_Error("const C string required, but got %S", existing_scm);
  existing = SCM_STRING_CONST_CSTRING(existing_scm);
  newpath_scm = SCM_SUBRARGS[1];
  if (!SCM_STRINGP(newpath_scm)) Scm_Error("const C string required, but got %S", newpath_scm);
  newpath = SCM_STRING_CONST_CSTRING(newpath_scm); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.