rhel 6
shell weakness #16

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

sudo-1.8.6p3/plugins/sudoers/visudo.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 shell weakness.

     sa.sa_handler = quit;
    (void) sigaction(SIGTERM, &sa, NULL);
    (void) sigaction(SIGHUP, &sa, NULL);
    (void) sigaction(SIGINT, &sa, NULL);
    (void) sigaction(SIGQUIT, &sa, NULL);

    debug_return;
}

static int
run_command(char *path, char **argv)
{
    int status;
    pid_t pid, rv;
    debug_decl(run_command, SUDO_DEBUG_UTIL)

    switch (pid = sudo_debug_fork()) {
	case -1:
	    error(1, _("unable to execute %s"), path);
	    break;	/* NOTREACHED */
	case 0:
	    sudo_endpwent();
	    sudo_endgrent();
	    closefrom(STDERR_FILENO + 1);
	    execv(path, argv);
	    warning(_("unable to run %s"), path);
	    _exit(127);
	    break;	/* NOTREACHED */
    }

    do {
	rv = waitpid(pid, &status, 0);
    } while (rv == -1 && errno == EINTR);

    if (rv != -1)
	rv = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    debug_return_int(rv);
}

static bool
check_owner(const char *path, bool quiet)
{
    struct stat sb;
    bool ok = true;
    debug_decl(check_owner, SUDO_DEBUG_UTIL)

    if (stat(path, &sb) == 0) {
	if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) {
	    ok = false;
	    if (!quiet) { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.