fedora 25
shell weakness #6

Weakness Breakdown
Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

inventor/apps/demos/revo/revo.c++

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 shell weakness.

#include "RevClass.h"
// Standard headers for the calls used below (added to this excerpt; the
// original file may pull them in through RevClass.h or the Xt headers).
#include <stdio.h>   // sprintf
#include <stdlib.h>  // system, exit
#include <unistd.h>  // access, R_OK

//
// These are defined in profile.c++
//
extern SoNode *createProfileGraph(Widget, RevolutionSurface *);
extern void clearPoints();

//
// Callback for 'About...' button
//
void
showAboutDialog(Widget, XtPointer, XtPointer)
{
    if (access(IVDEMOBINDIR "/revo.about", R_OK) != 0)
    {
	// system() hands the string to /bin/sh; the path comes from the
	// compile-time macro IVDEMOBINDIR and is interpreted by the shell.
	system("xmessage 'Sorry, could not find "
	       IVDEMOBINDIR "/revo.about' > /dev/null");
	return;
    }

    // Fixed 100-byte buffer; the contents are compile-time constants
    // (PDFVIEWER, IVDEMOBINDIR), so the length is fixed at build time.
    char command[100];
    // ">&" is a bash/csh redirection form, not POSIX sh.
    sprintf(command, "which " PDFVIEWER " >& /dev/null");

    int err = system(command);
    if (err)
    {
	system("xmessage 'You must install " PDFVIEWER
	       " for this function to work' > /dev/null");
	return;
    }

    // Launches the viewer in the background through the shell.
    sprintf(command, PDFVIEWER " " IVDEMOBINDIR "/revo.about &");
    system(command);
}

//
// Called by the quit button
//
static void
quitCallback(Widget, XtPointer, XtPointer)
{
    exit(0);
}

//
// Callback for the text widget (called when the user hits return).
//
void
changeNumSides(Widget textWidget, XtPointer data, XtPointer)
