fedora 24
shell weakness #11

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

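This causes a new program to execute and is difficult to use safely. The warning is attached to the call itself rather than to a demonstrated injection path: `execv` takes the program path and an argument vector and does not pass them through a command interpreter, so the actual exposure depends on whether the path (`pname`) and the arguments (`argptr`) can be influenced by untrusted input, which this excerpt does not show.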

File Name:

EMBOSS-6.6.0/ajax/core/ajsys.c

Context:

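The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness. The highlighting is not preserved in this listing; the only call in the excerpt that launches a new program is `execv(ajStrGetPtr(pname), argptr);` in the child-process branch.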

 	ajFatal("cannot find program '%S'", pname);

    fflush(stdout);

    pid=fork();

    if(pid==-1)
	ajFatal("System fork failed");

    if(pid)
    {
	while((retval=waitpid(pid,&status,0))!=pid)
	{
	    if(retval == -1)
		if(errno != EINTR)
		    break;
	}
    }
    else
    {
	/* this is the child process */

	if(!freopen(outfnametxt, "ab", stdout))
	    ajErr("Failed to redirect standard output to '%s'", outfnametxt);
	execv(ajStrGetPtr(pname), argptr);
	ajExitAbort();			/* just in case */
    }

    ajStrDel(&pname);

    i = 0;
    while(argptr[i])
    {
	AJFREE(argptr[i]);
	++i;
    }
    AJFREE(argptr);

    AJFREE(pgm);

#else

    PROCESS_INFORMATION pinf;
    STARTUPINFO si;
    HANDLE fp;
    SECURITY_ATTRIBUTES sa;
    ajint status = 0;

    ajDebug ("Launching process '%s'\n", cmdlinetxt);
 
