centos 7
shell weakness #7


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below (the popen() call in getInput, the line the warning above refers to) is the trigger point of this particular CentOS 7 shell weakness.

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <sys/stat.h>
using namespace std;

// Set by parseParameters; defined elsewhere in the original file.
extern bool staticTests;

   // end of the preceding file-type helper (its beginning is not shown on the page)
   return S_ISREG(results.st_mode);
}

// isDir:
// Returns true if filename is a directory
bool isDir(const string& filename)
{
   struct stat results;

   if ( stat(filename.c_str(), &results) !=  0 )
      return false;

   return S_ISDIR(results.st_mode);
}

// getInput:
// Run filename and store stdout in the output string.
void getInput(const char *filename, string& output)
{
   FILE *text;
   char *result;
   result = (char *) calloc(1024,sizeof(char));
   // Trigger point: popen() passes filename to /bin/sh -c, so any shell
   // metacharacters in the name are interpreted as shell syntax.
   text = popen(filename, "r");
   if ( text == NULL ) {
      free(result);
      return;
   }
   // Read the first whitespace-delimited token, width-limited to the buffer
   fscanf(text, "%1023s", result);
   // Wait for program to terminate
   pclose(text);

   output = result;
   free(result);
}

// parseParameters:
// Interpret arguments, and collect uninterpreted arguments to be passed
// to test_driver.
void parseParameters(int argc, char *argv[])
{
   staticTests = true;

   for ( int i = 1; i < argc; i++ ) {
      if (strncmp(argv[i], "-limit", 6) == 0) {
         if (i == (argc-1)) {
            fprintf(stderr, "Error: -limit requires a parameter\n");
         }
         else {
            // the rest of the -limit handling is cut off on the page
         }
      }
   }
}
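The weakness above comes from popen() routing the program name through /bin/sh, so a name containing shell metacharacters becomes shell syntax. The following C++ is an added example, not code from this page or from the CentOS package it quotes: it runs the program directly with fork()/execv() and a pipe, so the argument vector reaches the child verbatim and no shell ever parses it. The helper names runCapture and hasShellMetachars, and the metacharacter list, are this example's own choices; hasShellMetachars is the fallback check for code that cannot drop popen() and must at least reject names the shell would interpret.

```cpp
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <string>
#include <vector>

// Run an executable directly (no shell) and capture its stdout.
// args[0] is the program path; the remaining entries are passed to the
// child exactly as given. Returns the child's exit status, -1 on failure.
int runCapture(const std::vector<std::string>& args, std::string& output)
{
    output.clear();
    if (args.empty()) return -1;

    int fds[2];
    if (pipe(fds) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }

    if (pid == 0) {
        // Child: route stdout into the pipe, then exec without a shell.
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        std::vector<char*> cargv;
        for (const std::string& a : args)
            cargv.push_back(const_cast<char*>(a.c_str()));
        cargv.push_back(nullptr);
        execv(cargv[0], cargv.data());
        _exit(127);  // only reached if exec failed
    }

    // Parent: read everything the child writes, then reap it.
    close(fds[1]);
    char buf[1024];
    ssize_t n;
    while ((n = read(fds[0], buf, sizeof buf)) > 0)
        output.append(buf, static_cast<size_t>(n));
    close(fds[0]);

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Fallback check for code that still uses popen()/system(): true if the
// string contains a character /bin/sh would treat as syntax rather than
// as part of a plain word (list chosen for this example).
bool hasShellMetachars(const std::string& s)
{
    static const char* const meta = "|&;<>()$`\\\"' \t\n*?[]#~=%";
    return s.find_first_of(meta) != std::string::npos;
}

int main()
{
    // Constructed input: a "$(...)" sequence that a shell would expand.
    std::string out;
    int rc = runCapture({"/bin/echo", "hello $(date)"}, out);
    // With execv the text is printed literally: "hello $(date)\n"
    return rc == 0 && out == "hello $(date)\n" ? 0 : 1;
}
```

Because runCapture never consults the shell, metacharacters in an argument are data, not commands; the trade-off is that PATH lookup and shell features such as globbing or redirection are not available and must be implemented explicitly if needed.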
