alpine 3.9
shell weakness #5


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness.

 	    dup2 (fd, 0);
	    close (fd);
	fd = open ("/dev/null", O_WRONLY);
	if (fd != -1) {
	    dup2 (fd, 1);
	    dup2 (fd, 2);
	    close (fd);
        if (fork() == 0) {
            setenv("GAM_CLIENT_ID", fam_client_id, 0);
            char *client_id = malloc (strlen (fam_client_id) + sizeof "GAM_CLIENT_ID=");
              if (client_id)
                strcpy (client_id, "GAM_CLIENT_ID=");
                strcat (client_id, fam_client_id);
                putenv (client_id);
#endif /* HAVE_SETENV */
            execl(server_path, server_path, NULL);
            gam_error(DEBUG_INFO, "failed to exec %s\n", server_path);
         * calling exit() generate troubles for termination handlers
         * for example if the client uses bonobo/ORBit

     * do a waitpid on the intermediate process to avoid zombies.
    ret = waitpid(pid, &status, 0);
    if (ret < 0) {
        if (errno == EINTR)
            goto retry_wait;

    return (0);

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.