CentOS 6
shell weakness #10

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gprolog-1.3.1/src/EnginePl/machine1.c

Context:

The highlighted line of code below is the trigger point of this particular CentOS 6 shell weakness.

 * a NULL must follow the last argument.                                   *
 * if arg[1]==(char *) 1 then arg[0] is considered as a command-line.      *
 * return the status or -1 if cannot execute (errno is set) or -2 else     *
 * (errno is not set).                                                     *
 *-------------------------------------------------------------------------*/
int
Pl_M_Spawn(char *arg[])
{
#if defined(__unix__)
  int pid;

  fflush(stdout);
  fflush(stderr);

  if (arg[1] == (char *) 1)
    arg = Pl_M_Cmd_Line_To_Argv(arg[0], NULL);

  pid = fork();

  if (pid == -1)
    return -1;

  if (pid == 0)			/* child process */
    {
      execvp(arg[0], arg);	/* only returns on error */
      exit((errno == ENOENT || errno == ENOTDIR) ? 126 : 127);
    }

  return Pl_M_Get_Status(pid);

#else

#if defined(_MSC_VER)
  _flushall();
#endif

  if (arg[1] == (char *) 1)
    arg = Pl_M_Cmd_Line_To_Argv(arg[0], NULL);

  return spawnvp(_P_WAIT, arg[0], (const char *const *) arg);
#endif
}




/*-------------------------------------------------------------------------*
 * PL_M_SPAWN_REDIRECT                                                     *
 *                                                                         *
 * Execute a command with arguments in arg[], (arg[0]=the name of the cmd) * 
