fedora 25
shell weakness #1

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

GLC_Player-2.3.0/main.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 shell weakness.

 	// Start-up excerpt: splash screen, settings, UI translation, OpenGL check, main window.
 	// The enclosing function begins before and continues after the lines shown here.
 	// The splash screen (not created on macOS)
	#if !defined(Q_OS_MAC)
	// Raw owning pointer: released by the explicit delete at the end of this excerpt.
	QSplashScreen *pSplash= new QSplashScreen;
	pSplash->setPixmap(QPixmap(":images/Splash.png"));

	pSplash->show();
	#endif
	// Settings
	#if defined(Q_OS_MAC)
	// On macOS the settings are kept in an INI file under the user's
	// "Library/Application Support/<application name>/" directory, created here if missing.
	const QString settingsFileName(QDir::homePath() + "/Library/Application Support/" + QCoreApplication::applicationName() + QDir::separator() + "Settings.ini");
	QDir().mkpath(QFileInfo(settingsFileName).path());
	QSettings settings(settingsFileName, QSettings::IniFormat);
	#else
	// Elsewhere a default-constructed QSettings is used.
	QSettings settings;
	#endif
	// Choose application language
	QTranslator translator;
	if (settings.contains("currentLanguage"))
	{
		// The stored value is appended to the ":/lang/glc_player_" resource prefix as-is.
		// The result of load() is not checked, so an unknown value is silently ignored here.
		QString currentLanguage(settings.value("currentLanguage").toString());
		translator.load(QString(":/lang/glc_player_") + currentLanguage);
	}
	else
	{
		// NOTE(review): this is the only call spelled "system(" in the excerpt, so it is
		// presumably the line the scanner flagged - confirm against the scanner output.
		// QLocale::system() is a static Qt accessor that returns the system locale object;
		// it is not the C library system() and no command string is built or executed here.
		// On that reading the "shell weakness" finding is a name-match false positive.
		// Only the first two characters of the locale name are kept, and they are saved back
		// to the settings.
		QString locale = QString(QLocale::system().name()).left(2);
		translator.load(QString(":/lang/glc_player_") + locale);
		settings.setValue("currentLanguage", locale);
	}
	// Set application language
	QCoreApplication::installTranslator(&translator);

    // Test if the system has OpenGL support; without it, show an error dialog and return 1.
    if (!QGLFormat::hasOpenGL())
    {
    	QString message(QObject::tr("This System has no OpenGL support"));
    	QMessageBox::critical(NULL, QCoreApplication::applicationName(), message);
    	return 1;
    }

    // Test if the system supports frame buffer objects (check currently commented out)
    //const bool frameBufferIsSupported= QGLFramebufferObject::hasOpenGLFramebufferObjects();

    // Create the main Window
    glc_player mainWindow;
    mainWindow.show();

    //app.connect(&app, SIGNAL(lastWindowClosed()), &app, SLOT(quit()));
	// Hand over from the splash screen to the main window, then free the splash screen.
	// The #if opened below is not closed within this excerpt.
	#if !defined(Q_OS_MAC)
	pSplash->finish(&mainWindow);
	delete pSplash; 
