alpine 3.6
shell weakness #9


Weakness Breakdown


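A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system, typically because input the program does not control reaches a command interpreter or a process-launching call.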

Warning code(s):

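The flagged call causes a new program to execute and is difficult to use safely. When triaging a finding of this kind, check where the program name and each argument come from and whether any of them can be influenced from outside the process.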

File Name:



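The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. The highlighting did not survive in this text copy, and none of the lines shown below launches a program, so the flagged call cannot be identified from this excerpt alone; confirm it against the original source file before acting on the finding.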

	/* Pass MNT_NOWAIT to avoid blocking trying to update NFS mounts. */
	if ((num_mounts = getmntinfo (&mntent, MNT_NOWAIT)) == 0) {
	    	return TRUE;

	for (i = 0; i < num_mounts; i++) {
	    	mount_entry = g_new0 (GnomeVFSUnixMount, 1);

		mount_entry->mount_path = g_strdup (mntent[i].f_mntonname);
		mount_entry->device_path = g_strdup (mntent[i].f_mntfromname);
		mount_entry->filesystem_type = g_strdup (mntent[i].f_fstypename);
		if (mntent[i].f_flags & MNT_RDONLY) {
		    	mount_entry->is_read_only = TRUE;

		*return_list = g_list_prepend (*return_list, mount_entry);

	*return_list = g_list_reverse (*return_list);

	return TRUE;
#error No _gnome_vfs_get_current_unix_mounts() implementation for system

/* _gnome_vfs_get_unix_mount_table():
 * read the fstab.
 * don't return swap and ignore mounts.
 */

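/**
 * get_fstab_file:
 *
 * Picks, at compile time, the path of the filesystem-table file for the
 * platform being built. Exactly one branch of the preprocessor chain is
 * compiled in, so the function always returns the same pointer at run time.
 *
 * Returns: a path constant. The string is never heap-allocated here, so
 * callers must neither modify nor free it.
 */
static char *
get_fstab_file (void)
{
#if defined(HAVE_SYS_MNTCTL_H) && defined(HAVE_SYS_VMOUNT_H) && defined(HAVE_SYS_VFS_H)
	/* AIX */
	return "/etc/filesystems";
#elif defined(_PATH_MNTTAB)
	/* Macro supplied by a system header; presumably a string literal. */
	return _PATH_MNTTAB;
#elif defined(VFSTAB)
	/* Macro supplied by a system header; presumably a string literal. */
	return VFSTAB;
#else
	/* Fallback when no platform-specific path macro is available. */
	return "/etc/fstab";
#endif
}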

