fedora 24
shell weakness #6

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

EMBOSS-6.6.0/scripts/bundlewin.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

 
    
    sprintf(src,"%s/test/*",basedir);
    fix_dir(src);
    
    sprintf(dest,"%s/win32build/test",newbasedir);
    fix_dir(dest);

    sprintf(command,"%s %s %s",CPDFPR,src,dest);

    if(system(command))
    {
	fprintf(stderr,"Can't execute %s\n",command);
	exit(-1);
    }

    sprintf(src,"%s/test/.embossrc",basedir);
    fix_dir(src);
    
    sprintf(dest,"%s/win32build/test",newbasedir);
    fix_dir(dest);

    sprintf(command,"%s %s %s",CPDFPR,src,dest);

    if(system(command))
    {
	fprintf(stderr,"Can't execute %s\n",command);
	exit(-1);
    }

    return;
}




static void copy_scripts(char *basedir, char *newbasedir)
{
    char command[MAXNAMLEN];
    char src[MAXNAMLEN];
    char dest[MAXNAMLEN];


    sprintf(src,"%s/scripts/qatest.pl",basedir);
    fix_dir(src);

    sprintf(dest,"%s/win32build/scripts",newbasedir);
    fix_dir(dest);

    sprintf(command,"%s %s %s",CPDFPR,src,dest); 
