centos 7
shell weakness #13

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

dyninst-9.3.1/dyninst-9.3.1/dataflowAPI/rose/util/FileSystem.C

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 shell weakness.

 // compiling this source file. [Robb Matzke 2016-02-17]
//#if (__cplusplus >= 201103L) 
//#if !defined(BOOST_COMPILED_WITH_CXX11)
//   #warning "Compiling ROSE with C++11 mode: BOOST NOT compiled with C++11 support."
//#else
//   #warning "Compiling ROSE with C++11 mode: BOOST WAS compiled with C++11 support."
//#endif
//#endif

void
copyFile(const Path &src, const Path &dst) {
    // Do not use boost::filesystem::copy_file in boost 1.56 and earlier because it is not possible to cross link c++11 rose
    // with c++89 boost when using this symbol.  Boost issue #6124 fixed in boost 1.57 and later. Our solution is to use C++
    // stream I/O instead, which should still work on non-POSIX systems (Microsoft) although the exception situations might not
    // be exactly precise as POSIX. Use path::string rather than path::native in order to support Filesystem version 2.
    std::ifstream in(src.string().c_str(), std::ios::binary);
    std::ofstream out(dst.string().c_str(), std::ios::binary);
    out <<in.rdbuf();
    if (in.fail()) {
        throw boost::filesystem::filesystem_error("read failed", src,
                                                  boost::system::error_code(errno, boost::system::system_category()));
    }
    if (out.fail()) {
        throw boost::filesystem::filesystem_error("write failed", dst,
                                                  boost::system::error_code(errno, boost::system::system_category()));
    }
}

// Copies files to dstDir so that their name relative to dstDir is the same as their name relative to root
void
copyFiles(const std::vector<Path> &fileNames, const Path &root, const Path &dstDir) {
    std::set<Path> dirs;
    BOOST_FOREACH (const Path &fileName, fileNames) {
        Path dirName = dstDir / makeRelative(fileName.parent_path(), root);
        if (dirs.insert(dirName).second)
            boost::filesystem::create_directories(dirName);
        Path outputName = dirName / fileName.filename();
        copyFile(fileName, outputName);
    }
}

std::vector<Path>
findRoseFilesRecursively(const Path &root) {
    return findNamesRecursively(root, baseNameMatches(boost::regex("rose_.*")), isDirectory);
}

// Don't use this if you can help it!
std::string
toString(const Path &path) {
#if BOOST_FILESYSTEM_VERSION == 2                       // FIXME[Robb P. Matzke 2014-11-18]: Remove version 2 support 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.