alpine 3.7
shell weakness #12

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gdbm/src/gdbm-1.13/tests/d_creat_ce.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 shell weakness.

      {
       if (strcmp (argv[i], "-creat") == 0)
	 flags = O_RDWR|O_CREAT;
       else if (strcmp (argv[i], "-write") == 0)
	 flags = O_RDWR;
       else
	 {
	   fprintf (stderr, "%s: unknown option: %s\n",
		    argv[0], argv[i]);
	   return 2;
	 }
       
     }
   
   if (!O_CLOEXEC)
     return 77;
   
   d = dbm_open ("file", flags|O_CLOEXEC, 0600);
   if (!d)
     {
       perror ("dbm_open");
       return 3;
     }

   execl (argv[1], "fdop",
	  ntos (dbm_pagfno (d), fdbuf[0], sizeof (fdbuf[0])),
	  ntos (dbm_dirfno (d), fdbuf[1], sizeof (fdbuf[1])),
	  NULL);
   return 127;
}
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.