centos 6
shell weakness #11

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gprolog-1.3.1/src/BipsPl/os_interf_c.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 shell weakness.

   return Pl_Get_Integer(status, status_word);
}




/*-------------------------------------------------------------------------*
 * PL_SYSTEM_2                                                             *
 *                                                                         *
 *-------------------------------------------------------------------------*/
Bool
Pl_System_2(WamWord cmd_word, WamWord status_word)
{
  char *cmd;
  int status;

  cmd = Pl_Rd_String_Check(cmd_word);
  Pl_Check_For_Un_Integer(status_word);

#ifdef _WIN32
  _flushall();
#endif

  Pl_Flush_All_Streams();
  status = system(cmd);

  return Pl_Get_Integer(status, status_word);
}




/*-------------------------------------------------------------------------*
 * PL_SPAWN_3                                                              *
 *                                                                         *
 *-------------------------------------------------------------------------*/
Bool
Pl_Spawn_3(WamWord cmd_word, WamWord list_word, WamWord status_word)
{
  WamWord word, tag_mask;
  WamWord save_list_word;
  WamWord *lst_adr;
  char *arg[MAX_SPAWN_ARGS];
  char **p = arg;
  char err[64];
  int status;

  save_list_word = list_word;

  *p++ = Pl_Rd_String_Check(cmd_word); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.