centos 7
shell weakness #19

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

dyninst-9.3.1/dyninst-9.3.1/common/src/freebsdHeaders.h

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 shell weakness.

 #include <time.h>
#include <sys/utsname.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/syscall.h>

#include <rpc/types.h>
#include <rpc/xdr.h>

#define PDSOCKET_ERROR (-1)
typedef int PDSOCKET;
typedef int (*P_xdrproc_t)(XDR*, ...);
/* Not going to use on Linux Platform - already declared in /usr/include/errno.h
extern const char *sys_errlist[];
*/

/* POSIX */
int P_getopt(int argc, char *argv[], const char *optstring);
inline void P_abort (void) { abort();}
inline int P_close (int FILEDES) { 
    return (close(FILEDES));
}
inline int P_dup2 (int OLD, int NEW) { return (dup2(OLD, NEW));}
inline int P_execvp (const char *FILENAME, char *const ARGV[]) {
  return (execvp(FILENAME, ARGV));}
inline int P_execve (const char* FILENAME,
		     char* const ARGV[], char* const ENVP[]) {
    return (execve(FILENAME, ARGV, ENVP));
}
inline void P__exit (int STATUS) { _exit(STATUS);}
inline int P_fcntl (int FILEDES, int COMMAND, int ARG2) {
  return (fcntl(FILEDES, COMMAND, ARG2));}
inline FILE * P_fdopen (int FILEDES, const char *OPENTYPE) {
  return (fdopen(FILEDES, OPENTYPE));}
inline FILE * P_fopen (const char *FILENAME, const char *OPENTYPE) {
    return fopen(FILENAME, OPENTYPE);
}
int P_copy(const char *from, const char *to);
int P_system(const char *string);
inline int P_fstat (int FILEDES, struct stat *BUF) { return (fstat(FILEDES, BUF));}
inline pid_t P_getpid () { return (getpid());}
inline int P_kill(pid_t PID, int SIGNUM) { return (kill(PID, SIGNUM));}
inline off_t P_lseek (int FILEDES, off_t OFFSET, int WHENCE) {
  return (lseek(FILEDES, OFFSET, WHENCE));}
inline int P_open(const char *FILENAME, int FLAGS, mode_t MODE) {
    return open(FILENAME, FLAGS, MODE);
}


inline int P_pclose (FILE *STREAM) { return (pclose(STREAM));} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.