centos 7
shell weakness #16

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

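This causes a new program to execute and is difficult to use safely. The program path, the argument vector, and the environment and open file descriptors inherited by the new program must all come from trusted or validated sources, because the new program normally runs with the caller's privileges.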

File Name:

dyninst-9.3.1/testsuite-9.3.0/src/proccontrol/pc_fork_exec_mutatee.c

Context:

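The highlighted line of code below is the trigger point of this particular CentOS 7 shell weakness. The highlighting is not preserved in this text; the warning above matches the `execv(exec_name, args)` call in the child branch, the only exec-family call in the excerpt. `execv` runs the named file directly rather than through a shell, and the arguments here are fixed strings, so the finding turns on whether `exec_name` can be influenced by untrusted input. The excerpt does not show where `exec_name` is set.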

    myid = 0;

   testLock(&fork_lock);
   pid = fork();
   if (pid)
      testUnlock(&fork_lock);

   char *args[4];
   args[0] = exec_name;
   args[1] = strdup("-run");
   args[2] = strdup("pc_exec_targ");
   args[3] = NULL;

   if (pid == -1) {
      perror("fork");
      myerror = 1;
      return -1;
   }
   if (!pid) {
      /*Child*/
      if (result == -1) {         
         perror("write");
         exit(-1);
      }
      execv(exec_name, args);
      perror("execv");
      exit(-1);
   }
   /*Parent*/
   result = waitpid(pid, &status, 0);
   if (result == -1) {
      perror("waitpid");
      myerror = 1;
   }
   if (!WIFEXITED(status)) {
      output->log(STDERR, "Unexpected waitpid return\n");
      myerror = 1;
      return -1;
   }
   if (WEXITSTATUS(status) != EXIT_CODE) {
      output->log(STDERR, "Bad return code from child process\n");
      myerror = 1;
      return -1;
   }
   
   return 0;
}

#if defined(os_linux_test) || defined(os_freebsd_test)
#include <dlfcn.h> 
