Fedora 25
shell weakness #20

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

inventor/apps/samples/widgets/MyTextureEd.c++

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 shell weakness.

 	(XtCallbackProc) MyTextureEditor::deleteDialogCB, (XtPointer) this);
    XtAddCallback(dialog, XmNcancelCallback, 
	(XtCallbackProc) MyTextureEditor::deleteDialogCB, (XtPointer) this);
    
    XtManageChild(dialog);
}

////////////////////////////////////////////////////////////////////////
//
// Description:
//	updates the "File" menu (grey things out) to reflect current
//  palette.
//
// Use: private
void
MyTextureEditor::updateFileMenu()
//
////////////////////////////////////////////////////////////////////////
{
    PaletteStruct *pal = (PaletteStruct *) paletteList[curPalette];
    
    XtVaSetValues(widgetList[FILE_RESET], XmNsensitive, 
	pal->user && pal->system, NULL);
    XtVaSetValues(widgetList[FILE_DELETE], XmNsensitive, 
	pal->user && !pal->system, NULL);
}

////////////////////////////////////////////////////////////////////////
//
// Description:
//	This creates a new palette with the given name (called when the
//  user wants a new palette using the 'new' button).
//
// Use: private
void
MyTextureEditor::createNewPalette(char *palName)
//
////////////////////////////////////////////////////////////////////////
{
    //
    // create that empty palette file (under the user's home
    // directory).
    //
    char dirName[MAXPATHLEN];
    char fileName[MAXPATHLEN];
    struct stat buf;
    FILE *file;
    sprintf(dirName, "%s/%s/", getenv("HOME"), customTextureDir);
    if (stat(dirName, &buf) != 0)
	mkdir(dirName, 0x1ff); 
