Fedora 25
Shell weakness #16

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

inventor/apps/samples/widgets/MyMtlPal.c++

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 shell weakness.

    XtSetValues(widgetList[EDIT_COPY], args, 1);
    XtSetValues(widgetList[EDIT_PASTE], args, 1);
    XtSetValues(widgetList[EDIT_DELETE], args, 1);
}

////////////////////////////////////////////////////////////////////////
//
// Description:
//	Called to enable/disable the "File" menu entries
//
// Use: private
void
MyMaterialPalette::updateFileMenu()
//
////////////////////////////////////////////////////////////////////////
{
    if (widgetList[FILE_MENU] == NULL)
	return;
    
    PaletteStruct *pal = (PaletteStruct *) paletteList[curPalette];
    
    XtVaSetValues(widgetList[FILE_RESET], XmNsensitive, 
	pal->user && pal->system, NULL);
    XtVaSetValues(widgetList[FILE_DELETE], XmNsensitive, 
	pal->user && !pal->system, NULL);
}

////////////////////////////////////////////////////////////////////////
//
// show the component
//
// usage: virtual public
//
void
MyMaterialPalette::show()
//
////////////////////////////////////////////////////////////////////////
{
    SoXtComponent::show();
    
    // now also show the material editor (if it was shown)
    if (matEditor != NULL && matEditor->getWidget() != NULL)
	matEditor->show();
}

////////////////////////////////////////////////////////////////////////
//
// hide the component
//
// usage: virtual public 
