alpine 3.7
shell weakness #35


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.7 shell weakness.

 	 * merely opening the device, is required.  This is at least the case
	 * on Solaris. */
	/* Initialize so valgrind doesn't complain */
	c = 0;
	n_write(ready_writer, &c, 1);
	n_read(ready_reader, &c, 1);
	if (ready_writer != ready_reader) {

	/* If the caller provided a command, we can't go back, ever. */
	if (command != NULL) {
		/* Outta here. */
		if (argv != NULL) {
			for (i = 0; (argv[i] != NULL); i++) ;
			args = g_malloc0(sizeof(char*) * (i + 1));
			for (i = 0; (argv[i] != NULL); i++) {
				args[i] = g_strdup(argv[i]);
			execvp(command, args);
		} else {
			arg = g_strdup(command);
			execlp(command, arg, NULL);

		/* Avoid calling any atexit() code. */

	return 0;

static int _pty_set_size(int master, int columns, int rows);

/* Open the named PTY slave, fork off a child (storing its PID in child),
 * and exec the named command in its own session as a process group leader */
static int
_pty_fork_on_pty_name(const char *path, int parent_fd, char **env_add,
		      const char *command, char **argv,
		      const char *directory,
		      int columns, int rows, 
		      int *stdin_fd, int *stdout_fd, int *stderr_fd, int *slave_fd,
		      pid_t *child, gboolean reapchild, gboolean login)
	int fd, i;
	char c;
	int ready_a[2] = { 0, 0 }; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.