Does telling a user his own username really count as potential exposure of sensitive information?
I guess this could be dependent on your threat model since a threat model for an IoT device is certainly different from a threat model for a standard multi-user system. However, I wonder if a username, which is public information in most threat models for C/C++ software, really should be counted as sensitive information by cpp/potential-system-data-exposure.
ryao changed the title from "cpp/potential-system-data-exposure: Does printing a username from getpwuid() count as potential exposure of sensitive system?" to "cpp/potential-system-data-exposure: Does printing a username from getpwuid() count as potential exposure of sensitive system data?" on Mar 6, 2023
You are right that the sensitiveness of the username is dependent on the threat model, but that means in the end that it depends on the context in which the C++ program is being run. There are relevant cases when printing the OS username can expose information usable by an attacker, and CodeQL analysis cannot really take into account the context in which the whole program is being run. For reference, here's the relevant CWE.
Maybe long term we could think of ways to customise sensitive data categorisation, but until then I guess the only possibility is to consciously dismiss such alerts.
https://github.com/ryao/zfs/security/code-scanning/824
https://github.com/ryao/zfs/blob/3881dd42bbfb7297f08e796c38b35d54e11ac500/cmd/zpool/zpool_main.c#L9431-L9431
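As an added example (not code from this issue, from CodeQL or from OpenZFS), here is one way to act on the maintainer's point that the sensitivity of the username depends on where the output ends up: the name resolved via the reentrant form of getpwuid() is echoed only when the message is written to the invoking user's own terminal, and generic wording is used otherwise. The isatty() check, the helper names and the message text are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve the invoking user's login name with the reentrant getpwuid_r().
 * Returns 0 and copies the name on success, -1 when no passwd entry exists
 * (common in minimal containers) or the buffer is too small, so callers
 * never dereference the NULL that the plain getpwuid() can return. */
int current_user_name(char *name, size_t len)
{
    struct passwd pw, *result = NULL;
    char buf[1024];
    if (getpwuid_r(getuid(), &pw, buf, sizeof buf, &result) != 0 || result == NULL)
        return -1;
    if (strlen(result->pw_name) >= len)
        return -1;
    snprintf(name, len, "%s", result->pw_name);
    return 0;
}

/* Build the diagnostic shown when a privileged operation is refused.
 * 'interactive' is the caller's isatty() result for the output stream: the
 * username is echoed only when the text goes straight to the user's own
 * terminal; if output is redirected to a file, pipe or shared log, generic
 * wording is used so the name does not travel beyond the user who already
 * knows it. Returns 0 on success, -1 if 'out' cannot hold the message. */
int build_denied_message(char *out, size_t outlen, int interactive, const char *name)
{
    int n;
    if (interactive && name != NULL)
        n = snprintf(out, outlen, "permission denied: user '%s' lacks the required privileges", name);
    else
        n = snprintf(out, outlen, "permission denied: the current user lacks the required privileges");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Combine both helpers for a message on stderr (hypothetical call site). */
int report_denied(void)
{
    char name[64], msg[256];
    const char *who = current_user_name(name, sizeof name) == 0 ? name : NULL;
    if (build_denied_message(msg, sizeof msg, isatty(STDERR_FILENO), who) != 0)
        return -1;
    fprintf(stderr, "%s\n", msg);
    return 0;
}
```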