alpine 3.6
shell weakness #13

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

engrampa/src/engrampa-1.18.1/src/fr-process.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 		else if (g_str_has_prefix(argv[0], "mv")) {
			commandline = g_strconcat(commandline, "mv", NULL);
		}
	}

	argv[i] = NULL;

#ifdef DEBUG
	{
		int j;

		if (process->priv->use_standard_locale)
			g_print ("\tLC_MESSAGES=C\n");

		if (info->dir != NULL)
			g_print ("\tcd %s\n", info->dir);

		g_print ("\t");
		for (j = 0; j < i; j++)
			g_print ("%s ", argv[j]);
		g_print ("\n");
	}
#endif

	if ((fixname) && (system(commandline) != 0)) {
		g_warning ("The files could not be move: %s\n", commandline);
		return;
	}

	if (info->begin_func != NULL)
		(*info->begin_func) (info->begin_data);

	if (! g_spawn_async_with_pipes (info->dir,
					argv,
					NULL,
					(G_SPAWN_LEAVE_DESCRIPTORS_OPEN
					 | G_SPAWN_SEARCH_PATH
					 | G_SPAWN_DO_NOT_REAP_CHILD),
					child_setup,
					process,
					&process->priv->command_pid,
					NULL,
					&out_fd,
					&err_fd,
					&process->error.gerror))
	{
		process->error.type = FR_PROC_ERROR_SPAWN;
		g_signal_emit (G_OBJECT (process),
			       fr_process_signals[DONE],
			       0, 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.