alpine 3.7
shell weakness #16

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

libmikmod/src/libmikmod-3.3.11.1/drivers/drv_pipe.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 shell weakness.

 	if (!pipefile) {
		_mm_errno=MMERR_OPENING_FILE;
		return 1;
	}
#else
	/* poor man's popen() */
	if (pipe(pipefd)) {
		_mm_errno = MMERR_OPENING_FILE;
		return 1;
	}
	switch (pid=fork()) {
		case -1:
			close(pipefd[0]);
			close(pipefd[1]);
			pipefd[0]=pipefd[1]=-1;
			_mm_errno=MMERR_OPENING_FILE;
			return 1;
		case 0:
			if (pipefd[0]) {
				dup2(pipefd[0],0);
				close(pipefd[0]);
			}
			close(pipefd[1]);
			if (!MD_DropPrivileges())
				execl("/bin/sh","sh","-c",target,NULL);
			exit(127);
	}
	close(pipefd[0]);
	if (!(pipefile=fdopen(pipefd[1],"wb"))) {
		_mm_errno=MMERR_OPENING_FILE;
		return 1;
	}
#endif
	if(!(pipeout=_mm_new_file_writer(pipefile)))
		return 1;
	if(!(audiobuffer=(SBYTE*)MikMod_malloc(BUFFERSIZE)))
		return 1;

	md_mode|=DMODE_SOFT_MUSIC|DMODE_SOFT_SNDFX;

	return VC_Init();
}

static void pipe_Exit(void)
{
#if (MIKMOD_UNIX)
	int pstat;
	pid_t pid2;
#endif
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.