fedora 23
shell weakness #29

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

bicon-0.5/bicon/pty_spawn.c

Context:

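The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness. In this excerpt the only call that starts a new program is `execvp (file, args)` in the child branch of `bicon_spawn`. `execvp` resolves a `file` that contains no slash through `PATH`, so whether the call is safe depends on where the caller gets `file` and `args` and on the environment the process inherits; neither is visible in this excerpt.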

 
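/*
 * SIGCHLD handler (installed by bicon_spawn): records that the spawned
 * child has changed state and emits a short trace line on stderr.
 *
 * dummy: the signal number; unused.
 *
 * Only async-signal-safe operations are allowed here.  fprintf() is not
 * on that list: if the signal interrupts another stdio call, the stream's
 * internal state can be corrupted or the process can deadlock.  The trace
 * is therefore written with write(2), which is async-signal-safe and is
 * declared in <unistd.h>, the header the file already needs for execvp().
 */
static void
child(int dummy)
{
  static const char msg[] = "done\n";
  /* write() may overwrite errno; the interrupted code (for example the
     waitpid()/EINTR retry loop in bicon_spawn) must see its own value. */
  int saved_errno = errno;

  (void) dummy;

  /* NOTE(review): `done` is defined outside this excerpt; it should be
     declared `volatile sig_atomic_t` to be safely set from a handler --
     confirm at its definition. */
  done = 1;

  /* fd 2 is stderr.  A failed write is deliberately ignored: nothing
     useful can be done about it inside a signal handler. */
  if (write (2, msg, sizeof msg - 1) < 0)
    {
      /* ignored */
    }

  errno = saved_errno;
}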

int
bicon_spawn (
  const char *file,
  char *const args[],
  reader master_read,
  reader stdin_read)
{
  struct termios ts, newts;
  struct sigaction sa;
  int status, ret;

  pid = _fork (&master_fd, &slave_fd);
  if (pid == -1)
    return 126;
  if (pid == 0)
    {
      execvp (file, args);
      fprintf (stderr, "bicon: failed running %s.\n", file);
      exit (1);
    }

  sigemptyset (&sa.sa_mask);
  sa.sa_flags = 0;
  sa.sa_handler = resize;
  if (sigaction(SIGWINCH, &sa, NULL) == -1)
    fprintf (stderr, "bicon: sigaction() failed.\n");
  sigemptyset (&sa.sa_mask);
  sa.sa_flags = 0;
  sa.sa_handler = child;
  if (sigaction(SIGCHLD, &sa, NULL) == -1)
    fprintf (stderr, "bicon: sigaction() failed.\n");

  tcgetattr (1, &ts);
  newts = ts;
  cfmakeraw (&newts);
  tcsetattr (1, TCSAFLUSH, &newts);
  _copy (master_fd, master_read, stdin_read, pid);
  tcsetattr (1, TCSAFLUSH, &ts);

  do {
    ret = waitpid (pid, &status, 0);
  } while (ret == -1 && errno == EINTR); 
