A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.
The flagged function call causes a new program to execute and is difficult to use safely.
oiio-Release-1.5.24/src/libutil/filesystem.cpp
The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.
{
#if BOOST_FILESYSTEM_VERSION >= 3
boost::system::error_code ec;
boost::filesystem::path p = boost::filesystem::temp_directory_path (ec);
return ec ? std::string() : p.string();
#else
const char *tmpdir = getenv("TMPDIR");
if (! tmpdir)
tmpdir = getenv("TMP");
if (! tmpdir)
tmpdir = "/var/tmp";
if (exists (tmpdir))
return tmpdir;
// punt and hope for the best
return ".";
#endif
}
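/// Generate a path name that is intended not to collide with an existing file.
///
/// @param model  Name template passed to boost::filesystem::unique_path when
///               Boost.Filesystem version 3 or newer is available. The
///               tmpnam() fallback below does not use it.
/// @return The generated path, or an empty string if generation failed.
///
/// Only a name is returned; no file is created on either route. Another
/// process can therefore create that path between this call and the caller's
/// open. Callers that go on to create the file should open it with
/// exclusive-create semantics (for example O_CREAT|O_EXCL) and treat
/// "already exists" as a reason to retry with a new name.
std::string
Filesystem::unique_path (string_view model)
{
#if BOOST_FILESYSTEM_VERSION >= 3
    boost::system::error_code ec;
    boost::filesystem::path p = boost::filesystem::unique_path (model.str(), ec);
    return ec ? std::string() : p.string();
#else
    // Fallback for builds without recent Boost, on every compiler.
    //
    // The buffer must hold L_tmpnam characters. The former MSVC-only branch
    // sized it with TMP_MAX, which is the number of distinct names tmpnam()
    // can produce, not a buffer length. With the size corrected, the MSVC
    // and non-MSVC branches are identical and have been merged.
    //
    // SECURITY: tmpnam() is prone to the temporary-file race described in
    // the header comment, and the generated name is predictable. It is kept
    // so that the function still returns a name without creating a file;
    // moving to an API that creates the file would change the contract.
    char buf[L_tmpnam];
    char *result = tmpnam (buf);
    return result ? std::string(result) : std::string();
#endif
}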
std::string
Filesystem::current_path()
{
#if BOOST_FILESYSTEM_VERSION >= 3
boost::system::error_code ec;
boost::filesystem::path p = boost::filesystem::current_path (ec);
return ec ? std::string() : p.string();
#else
// Fallback if we don't have recent Boost
char path[FILENAME_MAX];