Fedora 23
shell weakness #1


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

 	DataLoadFilter* d= new DataLoadFilter;

	bool needUp;
	TEST(d->setProperty(DATALOAD_KEY_FILE,posName,needUp),"Set prop");
	TEST(d->setProperty(DATALOAD_KEY_SAMPLE,"0",needUp),"Set prop");

	vector<const FilterStreamData*> streamIn,streamOut;
	ProgressData prog;
	TEST(!d->refresh(streamIn,streamOut,prog),"Refresh error code");
	delete d;

	TEST(streamOut.size() == 1, "Stream count");
	TEST(streamOut[0]->getStreamType() == STREAM_TYPE_IONS, "Stream type");

	TEST(streamOut[0]->getNumBasicObjects() == hits.size(), "Stream count");
#if defined(__LINUX__) || defined(__APPLE__)
	//Hackish method to delete file
	std::string s;
	s=string("rm -f ") + string(posName);

	delete streamOut[0];
	return true;

bool textFileTest()
	//write some random data
	// with a fixed seed value
	RandNumGen r;
	const unsigned int NUM_PTS=1000;

	//TODO: do better than this
	const char *FILENAME="test-3mdfuneaascn.txt";
	//see if we can open the file for input. If so, it must exist,
	//and thus we don't want to overwrite it, as it may contain useful data.
	std::ifstream inFile(FILENAME);
		std::string s;
		s="Unwilling to execute file test, will not overwrite file :";
		s+=". Test is indeterminate"; 
