alpine 3.9
shell weakness #5

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gamin/src/gamin-0.1.10/libgamin/gam_fork.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness.

 	    dup2 (fd, 0);
	    close (fd);
	}
	
	fd = open ("/dev/null", O_WRONLY);
	if (fd != -1) {
	    dup2 (fd, 1);
	    dup2 (fd, 2);
	    close (fd);
	}
	
        setsid();
        if (fork() == 0) {
#ifdef HAVE_SETENV
            setenv("GAM_CLIENT_ID", fam_client_id, 0);
#elif HAVE_PUTENV
            char *client_id = malloc (strlen (fam_client_id) + sizeof "GAM_CLIENT_ID=");
              if (client_id)
              {
                strcpy (client_id, "GAM_CLIENT_ID=");
                strcat (client_id, fam_client_id);
                putenv (client_id);
              }
#endif /* HAVE_SETENV */
            execl(server_path, server_path, NULL);
            gam_error(DEBUG_INFO, "failed to exec %s\n", server_path);
        }
        /*
         * calling exit() generate troubles for termination handlers
         * for example if the client uses bonobo/ORBit
         */
        _exit(0);
    }

    /*
     * do a waitpid on the intermediate process to avoid zombies.
     */
retry_wait:
    ret = waitpid(pid, &status, 0);
    if (ret < 0) {
        if (errno == EINTR)
            goto retry_wait;
    }

    return (0);
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.