Byte Open Security (ByteOS Network)

CWE-558: Use of getlogin() in Multithreaded Application
Weakness ID: 558
Version: v4.17
Weakness Name: Use of getlogin() in Multithreaded Application
Vulnerability Mapping: Allowed
Abstraction: Variant
Structure: Simple
Status: Draft
Likelihood of Exploit:
▼Description

The product uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.

▼Extended Description

The getlogin() function returns a pointer to a string that contains the name of the user associated with the calling process. The function is not reentrant, meaning that if it is called from another process, the contents are not locked out and the value of the string can be changed by another process. This makes it very risky to use because the username can be changed by other processes, so the results of the function cannot be trusted.

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed
Type: Base
ID: 663
Name: Use of a Non-reentrant Function in a Concurrent Context
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 227
Name: 7PK - API Abuse

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1001
Name: SFP Secondary Cluster: Use of an Improper API

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1401
Name: Comprehensive Categorization: Concurrency
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-312
Name: Other (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-316
Name: Bypass Protection Mechanism (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-318
Name: Modify Application Data (impact)
▼Relevant To View
Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1001
Name: SFP Secondary Cluster: Use of an Improper API
Relevant to the view "Seven Pernicious Kingdoms - (700)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 227
Name: 7PK - API Abuse
▼Background Detail

▼Common Consequences
Scope: Integrity, Access Control, Other
Likelihood: N/A
Impact: Modify Application Data, Bypass Protection Mechanism, Other
Note:
N/A
▼Potential Mitigations
Phase: Architecture and Design
Description:

Using names for security purposes is not advised. Names are easy to forge and can have overlapping user IDs, potentially causing confusion or impersonation.

Phase: Implementation
Description:

Use getlogin_r() instead, which is reentrant, meaning that other processes are locked out from changing the username.


▼Modes Of Introduction
Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: C (Undetermined Prevalence)
Class: C++ (Undetermined Prevalence)
▼Demonstrative Examples
Example 1

The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.


Language: C (Bad code)
pwd = getpwnam(getlogin());
if (isTrustedGroup(pwd->pw_gid)) {
    allow();
} else {
    deny();
}
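
A hardened counterpart to the bad code above, added here as an example and not part of the CWE entry: it follows both mitigations by keying the decision on the real UID rather than a name, and by calling only the reentrant getpwuid_r(), getpwnam_r() and getlogin_r(), which write into caller-supplied buffers. The function names and the trusted_gid parameter are hypothetical stand-ins for the page's isTrustedGroup(), allow() and deny().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose getlogin_r(), getpwuid_r() */
#endif
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Primary GID of the calling process, taken from its real UID, not a name.
 * getpwuid_r() writes into caller-owned storage, so threads cannot clobber
 * each other's result. Returns 0 on success, -1 on any failure. */
static int caller_primary_gid(gid_t *gid_out)
{
    struct passwd pw, *res = NULL;
    char buf[16384];

    if (getpwuid_r(getuid(), &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    *gid_out = res->pw_gid;
    return 0;
}

/* Reentrant login-name lookup for display or logging only: 1 if the login
 * name maps to the real UID, 0 if it does not, -1 if it is unavailable. */
static int login_name_matches_uid(void)
{
    struct passwd pw, *res = NULL;
    char name[256], buf[16384];

    if (getlogin_r(name, sizeof name) != 0)
        return -1;                      /* e.g. no controlling terminal */
    if (getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    return res->pw_uid == getuid();
}

/* Fail closed: any lookup error is a denial. trusted_gid is a hypothetical
 * policy input standing in for the page's isTrustedGroup(). */
static int is_authorized(gid_t trusted_gid)
{
    gid_t gid;
    return caller_primary_gid(&gid) == 0 && gid == trusted_gid;
}

int main(void)
{
    printf("authorized for gid 0: %d, login name consistent: %d\n",
           is_authorized(0), login_name_matches_uid());
    return 0;
}
```

The login name never feeds the access decision here; a result of 0 or -1 from login_name_matches_uid() is worth logging but does not change what is_authorized() returns.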

▼Observed Examples
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Suggestions:
▼Notes
▼Taxonomy Mappings
Taxonomy Name: 7 Pernicious Kingdoms
Entry ID: N/A
Fit: N/A
Entry Name: Often Misused: Authentication

Taxonomy Name: Software Fault Patterns
Entry ID: SFP3
Fit: N/A
Entry Name: Use of an improper API
▼Related Attack Patterns
▼References