centos 6
shell weakness #1

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

acpid-1.0.10/event.c

Context:

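The highlighted line of code below is the trigger point of this particular CentOS 6 shell weakness. (The highlighting does not survive in plain text; the warning above matches the execl() call that passes the action string to /bin/sh -c.)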

 	/*
	 * Excerpt from the middle of a function; the signature and the
	 * declarations of pid, status and action are outside the excerpt.
	 * Forks, runs the rule's action in the child through "/bin/sh -c",
	 * and waits for it in the parent. Returns -1 if fork() fails and 0
	 * otherwise, regardless of how the action itself exited.
	 */
 	pid = fork();
	switch (pid) {
	case -1:
		acpid_log(LOG_ERR, "fork(): %s\n", strerror(errno));
		return -1;
	case 0: /* child */
		/* parse the commandline, doing any substitutions needed */
		/*
		 * NOTE(review): parse_cmd() is not shown. Its result is later
		 * interpreted by a shell, so any event text it substitutes in
		 * without quoting would be subject to shell parsing. Confirm how
		 * substitutions are escaped and who can supply event strings and
		 * rule files; those are the trust boundary for this call.
		 */
		action = parse_cmd(rule->action.cmd, event);
		if (logevents) {
			acpid_log(LOG_INFO,
			    "executing action \"%s\"\n", action);
		}

		/* reset signals */
		/*
		 * Restore default dispositions and unblock the set returned by
		 * signals_handled(), so the handler program does not start with
		 * this process's signal setup. Return values are not checked.
		 */
		signal(SIGHUP, SIG_DFL);
		signal(SIGTERM, SIG_DFL);
		signal(SIGINT, SIG_DFL);
		signal(SIGQUIT, SIG_DFL);
		signal(SIGPIPE, SIG_DFL);
		sigprocmask(SIG_UNBLOCK, signals_handled(), NULL);

		if (acpid_debug && logevents) {
			fprintf(stdout, "BEGIN HANDLER MESSAGES\n");
		}
		/*
		 * The flagged call. The whole action string is handed to
		 * "/bin/sh -c", so the shell, not this program, tokenizes and
		 * expands it. The shell is named by absolute path, so no PATH
		 * lookup is involved for the shell itself; execl() passes the
		 * current environment through unchanged.
		 * NOTE(review): if actions never need shell syntax, an exec with
		 * an explicit argv would remove the shell-parsing step entirely.
		 */
		execl("/bin/sh", "/bin/sh", "-c", action, NULL);
		/* should not get here */
		/*
		 * NOTE(review): exit() in a forked child runs atexit handlers and
		 * flushes stdio buffers copied from the parent; _exit() is the
		 * usual choice after a failed exec.
		 */
		acpid_log(LOG_ERR, "execl(): %s\n", strerror(errno));
		exit(EXIT_FAILURE);
	}

	/* parent */
	/*
	 * Blocks until the child terminates. The return value of waitpid() is
	 * not checked. NOTE(review): if the call fails, status is read below
	 * without having been set here, unless it is initialized in the part
	 * of the function that is not shown.
	 */
	waitpid(pid, &status, 0);
	if (acpid_debug && logevents) {
		fprintf(stdout, "END HANDLER MESSAGES\n");
	}

	/* Report how the action ended; this is only logged, never returned. */
	if (logevents) {
		if (WIFEXITED(status)) {
			acpid_log(LOG_INFO, "action exited with status %d\n",
			    WEXITSTATUS(status));
		} else if (WIFSIGNALED(status)) {
			acpid_log(LOG_INFO, "action exited on signal %d\n",
			    WTERMSIG(status));
		} else {
			/* neither a normal exit nor a signal: log the raw status word */
			acpid_log(LOG_INFO, "action exited with status %d\n",
			    status);
		}
	}

	return 0; 
