The getlogin() function is easy to spoof. Do not rely on the name it returns.
The getlogin() function is supposed to return a string containing the name of the user currently logged in at the terminal, but an attacker can cause getlogin() to return the name of any user logged in to the machine. Do not rely on the name returned by getlogin() when making security decisions.
Example 1: The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.
    pwd = getpwnam(getlogin());
    if (isTrustedGroup(pwd->pw_gid)) {
        allow();
    } else {
        deny();
    }
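As a contrast to Example 1, the following added example (not part of the original page) makes the same kind of group decision from the process's real GID and supplementary group list, which the kernel maintains, instead of the name from getlogin(). The is_trusted_group() helper, the trusted GID value and the login_name_mismatch() audit helper are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical policy check standing in for the page's isTrustedGroup(). */
static int is_trusted_group(gid_t gid, gid_t trusted) { return gid == trusted; }

/* Decide from the process's own credentials, which the kernel maintains:
 * the real GID plus the supplementary group list. 1 = allow, 0 = deny. */
int caller_in_trusted_group(gid_t trusted)
{
    if (is_trusted_group(getgid(), trusted))
        return 1;
    int n = getgroups(0, NULL);          /* ask for the list size first */
    if (n <= 0)
        return 0;                        /* error or no groups: fail closed */
    gid_t *groups = calloc((size_t)n, sizeof *groups);
    if (groups == NULL)
        return 0;
    int allowed = 0;
    n = getgroups(n, groups);
    for (int i = 0; i < n; i++)          /* n == -1 on error skips the loop */
        if (is_trusted_group(groups[i], trusted)) { allowed = 1; break; }
    free(groups);
    return allowed;
}

/* Audit helper: 1 if getlogin() names a different account than the real UID,
 * 0 if they agree, -1 if either lookup is unavailable (e.g. no terminal).
 * A mismatch is a signal worth logging, not an authorization input. */
int login_name_mismatch(void)
{
    const char *name = getlogin();
    struct passwd *pw = getpwuid(getuid());
    if (name == NULL || pw == NULL)
        return -1;
    return strcmp(name, pw->pw_name) != 0;
}

int main(void)
{
    gid_t trusted = 0;                   /* constructed sample policy: GID 0 */
    printf("%s\n", caller_in_trusted_group(trusted) ? "allow" : "deny");
    printf("getlogin mismatch: %d\n", login_name_mismatch());
    return 0;
}
```

Accounts that share a UID, or a session entered through su, can also make login_name_mismatch() return 1, so treat it as a log signal only.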
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A3 Broken Authentication and Session Management
[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A3 Broken Authentication and Session Management
[3] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A7 Broken Authentication and Session Management
[4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3460 CAT I
[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 247, CWE ID 292, CWE ID 558, CWE ID 807
[6] Standards Mapping - FIPS200 - (FISMA) IA
[7] Standards Mapping - Web Application Security Consortium 24 + 2 - (WASC 24 + 2) Insufficient Authentication
[8] Standards Mapping - SANS Top 25 2010 - (SANS 2010) Porous Defenses - CWE ID 807
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.3
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.5.7
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.8