centos 7
shell weakness #12

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

dyninst-9.3.1/testsuite-9.3.0/src/testdriver_wrapper.C

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 shell weakness.

    }

   args[j++] = NULL;
}

static void parse_go()
{
   int error;

   assert(args);
   execv(args[0], args);
   error = errno;
   if (debug_log)
     fprintf(debug_log, "Failed to execv %s: %s\n", args[0], strerror(error));
   assert(0);
}

static void runLdd(std::string filename, MessageBuffer &buf)
{
   char cmd_line[4092];
   snprintf(cmd_line, 4092, "ldd %s", filename.c_str());

   buf.add(cmd_line, strlen(cmd_line));
   buf.add("\n", 1);
   FILE *f = popen(cmd_line, "r");
   if (!f) {
      buf.add("ldd error\n", strlen("ldd error\n")+1);
      return;
   }
   while (!feof(f)) {
      char buffer[257];
      ssize_t num_read = fread(buffer, 1, 256, f);
      buf.add(buffer, num_read);
   }
   pclose(f);   
}

static void parse_ldd(char *buffer)
{
   assert(args);
   char *libname = buffer+2;

   MessageBuffer result;
   runLdd(args[0], result);
   result.add("\n", 1);
   runLdd(std::string(libname), result);
   result.add("\n", 2);

   bool bresult = connection->send_message(result);
   assert(bresult); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.