alpine 3.8
shell weakness #2

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

libdaemon/src/libdaemon-0.14/libdaemon/dexec.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 shell weakness.

 
        close(0);

        if (open("/dev/null", O_RDONLY) != 0) {
            daemon_log(LOG_ERR, "Unable to open /dev/null as STDIN");
            goto fail;
        }

        daemon_close_all(-1);
        daemon_reset_sigs(-1);
        daemon_unblock_sigs(-1);

        umask(0022); /* Set up a sane umask */

        if (dir && chdir(dir) < 0) {
            daemon_log(LOG_WARNING, "Failed to change to directory '%s'", dir);
            chdir("/");
        }

        for (i = 0; i < MAX_ARGS-1; i++)
            if (!(args[i] = va_arg(ap, char*)))
                break;
        args[i] = NULL;

        execv(prog, args);

        daemon_log(LOG_ERR, "execv(%s) failed: %s", prog, strerror(errno));

    fail:

        _exit(EXIT_FAILURE);
    }

    close(p[1]);

    FD_ZERO(&fds);
    FD_SET(p[0], &fds);
    sigfd = daemon_signal_fd();
    FD_SET(sigfd, &fds);

    n = 0;

    for (;;) {
        fd_set qfds = fds;

        if (select(FD_SETSIZE, &qfds, NULL, NULL, NULL) < 0) {

            if (errno == EINTR)
                continue;
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.