fedora 24
shell weakness #12

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

EMBOSS-6.6.0/ajax/core/ajsys.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

 
    ajDebug("ajSysExecC '%s'\n", cmdlinetxt);

    if(!ajSysArglistBuildC(cmdlinetxt, &pgm, &argptr))
	return -1;

    pname = ajStrNewC(pgm);

    pid=fork();

    if(pid==-1)
	ajFatal("System fork failed");

    if(pid)
    {
	while((retval=waitpid(pid,&status,0))!=pid)
	{
	    if(retval == -1)
		if(errno != EINTR)
		    break;
	}
    }
    else
    {
	execv(ajStrGetPtr(pname), argptr);
	ajExitAbort();			/* just in case */
    }

    ajStrDel(&pname);

    i = 0;
    while(argptr[i])
    {
	AJFREE(argptr[i]);
	++i;
    }
    AJFREE(argptr);

    AJFREE(pgm);

#else
    PROCESS_INFORMATION procInfo;
    STARTUPINFO startInfo;
    ajint status = 0;

    ajDebug ("Launching process '%s'\n", cmdlinetxt);
    
    ZeroMemory(&startInfo, sizeof(startInfo));
    startInfo.cb = sizeof(startInfo);
     

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.