centos 7
shell weakness #7

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

dyninst-9.3.1/testsuite-9.3.0/src/runTests.C

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 shell weakness.

    return S_ISREG(results.st_mode);
}

// isDir:
// Returns true if filename is a directory
bool isDir(const string& filename)
{
   struct stat results;

   if ( stat(filename.c_str(), &results) !=  0 )
   {
      return false;
   }

   return S_ISDIR(results.st_mode);
}

// getInput:
// Run filename and store stdout in the output string.
void getInput(const char *filename, string& output)
{
   FILE *text;
   char *result;
   result = (char *) calloc(1024,sizeof(char));
   text = popen(filename, "r");
   // Wait for program to terminate
   fscanf(text, "%s\n", result);
   pclose(text);

   output = result;

   free(result);
}

// parseParameters:
// Interpret arguments, and collect uninterpretted arguments to be passed
// to test_driver.
void parseParameters(int argc, char *argv[])
{
#if defined(STATIC_TEST_DRIVER)
   staticTests = true;
#endif

   for ( int i = 1; i < argc; i++ )
   {
      if (strncmp(argv[i], "-limit", 6) == 0) {
         if (i == (argc-1)) {
            fprintf(stderr, "Error: -limit requires a parameter\n");
         }
         else { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.