fedora 25
shell weakness #14

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

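The flagged call causes a new program to execute and is difficult to use safely. Whether it is exploitable depends on whether any part of the command or its environment can be influenced by untrusted input.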

File Name:

inventor/apps/samples/widgets/MyMtlPal.c++

Context:

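The excerpt below is the context reported for this particular Fedora 25 shell weakness; the trigger point is the line that was highlighted on the original page. No highlighting is visible in this text, and the lines shown contain only enum, struct and table declarations, with no call that starts a program, so the flagged call has to be located in the file itself.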

     
    EDIT_MENU, 
    EDIT_CUT, 
    EDIT_COPY, 
    EDIT_PASTE, 
    EDIT_DELETE, 
    
    // list of needed widget to build the palette menu on the fly
    MENU_BAR, 
    PALETTE_BUTTON, 
    PALETTE_MENU, 
    
    MAT_LABEL, 
    MENU_LENGTH,    // this must be the last entry
};

// Two C-string pointers describing one material-name entry.
// NOTE(review): presumably oldName keeps the previous name across a rename;
// confirm at the use sites.
// Ownership and buffer sizes are not visible in this excerpt: check who
// allocates and frees these pointers before copying into or out of them.
struct MaterialNameStruct {
    char *name;
    char *oldName;
};

// One palette entry: a name plus two boolean flags.
// NOTE(review): presumably user/system record whether the palette exists in
// the user's and in the system-wide palette location; confirm against the
// code that fills this struct.
// If name is ever used to build a path or a command, it needs validating at
// that point; nothing in this declaration constrains its contents.
struct PaletteStruct {
    char    *name;
    SbBool  user;
    SbBool  system;
};

// Description of a single menu entry. The fileData table in this file fills
// these fields positionally, so field order is part of the contract.
// fileData initializes the three char* fields from string literals: treat
// them as read-only and never free or write through them.
struct MenuButtonItemStruct {
    char    *name;        // label shown for the entry, e.g. "New..."
    int	    id;           // entry identifier, e.g. FILE_NEW or FILE_SAVE
    char    *accelerator; // e.g. "Alt <Key> p" or "Ctrl <Key> u"
    char    *accelText;   // text that appears in the menu item
};

// Description of one menu: its name, an identifier, and a pointer to the
// MenuButtonItemStruct entries that make up its sub-menu.
// NOTE(review): presumably subItemCount is the number of entries reachable
// through subMenu; confirm where the tables are defined. Any loop over
// subMenu must be bounded by it.
struct MenuStruct {
    char    *name;
    int	    id;
    struct MenuButtonItemStruct *subMenu;
    int	    subItemCount;
};


/*
 * static vars
 */


static MenuButtonItemStruct fileData[] = {
    {"New...",	    FILE_NEW,	    "Alt <Key> n", "Alt+n" }, 
    {"Save",	    FILE_SAVE,	    "Alt <Key> s", "Alt+s" },  
