fedora 23
shell weakness #3

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

WritRecogn-0.1.9/src/common.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

     }
    cdFileName=argv[optind];
    return TRUE;
}


/**
 * Check the availability of files.
 * 
 * If files are undefined, then use the default filenames
 */
gboolean check_files(){
    gchar uBuf[PATH_MAX];
    gchar sBuf[PATH_MAX];
    gchar cmd[PATH_MAX];
    truepath(DEFAULT_USER_DATA_DIR,uBuf);
    truepath(DEFAULT_SYSTEM_DATA_DIR,sBuf);

    /* Copy to .WritRecogn  */
    if (progAssoc.progCmd==RECOGNIZER){
        if (access(uBuf,F_OK)!=0){
            if (access(sBuf,F_OK)==0){
                printf("%s do not exist, copying from %s.\n ",uBuf,sBuf);
                sprintf(cmd,"cp -R %s %s",sBuf,uBuf);
                int ret=system(cmd);
                if (ret==0){
                    printf("Copy completed.\n");
                }else{
                    printf("Copy failed.\n");
                    exit(ret);
                }
            }else{
		if (cdFileName==NULL){
		    verboseMsg_print(VERBOSE_MSG_WARNING,"[Warning] either %s or %s do not exist!\n",uBuf, sBuf);
		    verboseMsg_print(VERBOSE_MSG_WARNING," Will try to locate %s in following directories:%s \n",
			    DEFAULT_CHARACTER_DATA_FILE, DEFAULT_SEARCH_ORDER);
		}
            }
        }
    }

    /*
     * For stroke data manager, if cdFileName is not defined, then report error.
     *
     * For recognizer, if cdFileName is not defined, then used the default one 
     */
    if (cdFileName==NULL){
        if ( progAssoc.progCmd==CHARACTER_DATA_MANAGER){
	    verboseMsg_print(VERBOSE_MSG_CRITICAL,"Please specify character data file!\n");
            return FALSE; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.