alpine 3.8
shell weakness #1


Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

email2trac/src/email2trac-2.5.0/run_email2trac.c

Context:

The highlighted line of code below — the execv() call — is the trigger point of this particular Alpine 3.8 shell weakness; the function it belongs to begins before this excerpt, so the origin of the script path and argument vector is not visible here.

       return -7;    /* 249 : Can't set supplementary groups */
    }
#endif
    if (setgid(TRAC->pw_gid) || setuid(TRAC->pw_uid)) {
      if ( DEBUG ) printf("setgid or setuid failed\n");
      return -5;   /* 251: Can't set gid or uid */
    }
  } else {
    if ( DEBUG ) printf("Invalid Trac user (%s)\n",TRAC_USER);
    return -6;     /* 250 : Trac user not found */
  }
	 
  /* Check that script exists */
  if ( stat(trac_script,&script_attrs) ) {
    if ( DEBUG ) printf("Script not found (%s)\n",trac_script);
    return -4;    /* 252 : script not found */
  }
 
  /* Set PYTHON_EGG_CACHE env variable if we have been told to do so */
  if ( python_egg_cache != NULL ) {
    setenv("PYTHON_EGG_CACHE",python_egg_cache ,1);
  }

  /* Execute script */
  status = execv(trac_script, trac_script_args);
  
  if ( DEBUG ) printf("Script %s execution failure (error=%d). Check permission and interpreter path.\n",trac_script,status);
  return -1;     /* 255 : should never reach this point */

}

/* EOB */ 
