centos 7
shell weakness #30

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

dyninst-9.3.1/testsuite-9.3.0/src/runTests-utils.C

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 shell weakness.

       cmd = "dirname " + logfile;
      getInput(cmd.c_str(), testslogdir);
   
      if ( ! isDir(testslogdir) )
      {
         cout << testslogdir << "does not exist (yet)!" << endl;
         cmd = "mkdir -p " + testslogdir;
         system(cmd.c_str());
         if ( ! isDir(testslogdir) )
         {
            cout << testslogdir << " creation failed - aborting!" << endl;
            exit(1);
         } else {
            cout << testslogdir << " create for test logs!" << endl;
         }
      }

      if ( isRegFile(logfile) )
      {
         cout << "File exists" << endl;
      }
      else
      {
         cmd = "touch " + logfile;
         system(cmd.c_str());
      }
   
      cmd = logfile + ".gz";
      if ( isRegFile(cmd) )
      {
         cout << "File.gz exists" << endl;
      }
   }
}

#define SCRIPT_NAME "parallel_testdriver"

char *createParallelScript()
{
   char cwd[4096];
   memset(cwd, 0, 4096);
   char *result = getcwd(cwd, 4096);
   if (!result) {
      perror("Could not getcwd for parallel script");
      exit(-1);
   }

   FILE *f = fopen(SCRIPT_NAME, "w");
   fprintf(f, "#!/bin/sh\n");
   fprintf(f, "cd %s\n", cwd); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.