centos 7
shell weakness #3

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

ed-1.9/io.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 shell weakness.

       up = push_undo_atom( UADD, current_addr(), current_addr() );
      if( !up ) { enable_interrupts(); return -1; }
      }
    enable_interrupts();
    }
  if( addr && appended && total_size && o_isbinary && newline_added() )
    fputs( "Newline inserted\n", stderr );
  else if( newline_added_now && ( !appended || !isbinary() ) )
    fputs( "Newline appended\n", stderr );
  if( isbinary() && !o_isbinary && newline_added_now && !appended )
    ++total_size;
  if( !total_size ) newline_added_now = true;
  if( appended && newline_added_now ) set_newline_added();
  return total_size;
  }


/* read a named file/pipe into the buffer; return line count */
int read_file( const char * const filename, const int addr )
  {
  FILE * fp;
  long size;
  int ret;

  if( *filename == '!' ) fp = popen( filename + 1, "r" );
  else fp = fopen( strip_escapes( filename ), "r" );
  if( !fp )
    {
    show_strerror( filename, errno );
    set_error_msg( "Cannot open input file" );
    return -1;
    }
  size = read_stream( fp, addr );
  if( size < 0 ) return -1;
  if( *filename == '!' ) ret = pclose( fp ); else ret = fclose( fp );
  if( ret != 0 )
    {
    show_strerror( filename, errno );
    set_error_msg( "Cannot close input file" );
    return -1;
    }
  if( !scripted() ) fprintf( stderr, "%lu\n", size );
  return current_addr() - addr;
  }


/* write a range of lines to a stream */
static long write_stream( FILE * const fp, int from, const int to )
  {
  line_t * lp = search_line_node( from ); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.