centos 7
shell weakness #6

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

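The flagged call (`execl` in the excerpt below) causes a new program to execute and is difficult to use safely: the executable path, the argument list and the environment the new program inherits must all come from trusted or validated values. The message is generic to the call rather than proof of command injection. `execl` does not start a shell, so the question for a reviewer is whether `mutatedBinary`, `testID` or the replaced `LD_LIBRARY_PATH` entry can be influenced by an untrusted party.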

File Name:

dyninst-9.3.1/testsuite-9.3.0/src/dyninst/test_lib_test9.C

Context:

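The highlighted line of code below is the trigger point of this particular CentOS 7 shell weakness. (The highlighting is not preserved in this text; the excerpt contains three `execl` calls, any of which matches the warning above. Each of them ends its argument list with a bare `0` rather than a null pointer such as `(char *)NULL`, which is worth correcting while reviewing these lines.)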

 			dup2(outlog_fd, 1); // stdout
			dup2(errlog_fd, 2); // stderr

#if defined(rs6000_ibm_aix5_1) \
 || defined(rs6000_ibm_aix4_1_test)
			changePath(path);
#endif
			for(int i=0; environ[i]; i++){

				if( strstr(environ[i], "LD_LIBRARY_PATH=") ){
					environ[i] = newLDPATH;
				}
			}
			if (preloadMutatedRT(path) < 0) {
			    return (-1);
			}
#if  defined(i386_unknown_linux2_0_test) \
 || defined(x86_64_unknown_linux2_4_test)
			struct stat buf;
			retVal = stat("/usr/bin/setarch", &buf);
			if(retVal != -1 ){
				execl("/usr/bin/setarch","setarch","i386",mutatedBinary, "-run", testID,0); 
			}else{
				logerror(" Running without /usr/bin/setarch\n");
				execl(mutatedBinary, realFileName,"-run", testID,0); 
			}
#else

			execl(mutatedBinary, realFileName,"-run", testID,0); 
#endif
			logerror("ERROR!\n");
			perror("execl");
                        return 0;

		default: 
			//parent
			delete [] command;
			delete [] mutatedBinary;
#if defined(rs6000_ibm_aix4_1_test) \
 || defined(i386_unknown_linux2_0_test) \
 || defined(x86_64_unknown_linux2_4_test) /* Blind duplication - Ray */ \
 || defined(rs6000_ibm_aix5_1)
			died= waitpid(pid, &status, 0); 
#endif
   	}

#if defined(rs6000_ibm_aix4_1_test) \
 || defined(i386_unknown_linux2_0_test) \
 || defined(x86_64_unknown_linux2_4_test) /* Blind duplication - Ray */ \
 || defined(rs6000_ibm_aix5_1) 
