fedora 24
shell weakness #29


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

     bool ok = true;
    size_t len = optstring.length();
    size_t pos = 0;
    while (pos < len) {
        std::string opt;
        bool inquote = false;
        while (pos < len) {
            unsigned char c = optstring[pos];
            if (c == '\"') {
                // Hit a double quote -- toggle "inquote" and add the quote
                inquote = !inquote;
                opt += c;
            } else if (c == ',' && !inquote) {
                // Hit a comma and not inside a quote -- we have an option
                ++pos;  // skip the comma
                break;  // done with option
            } else {
                // Anything else: add to the option
                opt += c;
        // At this point, opt holds an option
        ok &= optparse1 (system, opt);
    return ok;



The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.