alpine 3.6
shell weakness #14

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

engrampa/src/engrampa-1.18.1/src/commands/rpm2cpio.c

Context:

The trigger point of this particular Alpine 3.6 shell weakness is the return system (command); line at the end of the code below.

 
	/* get the payload type */

	if (fseek (stream, offset, SEEK_SET) != 0) {
		fclose (stream);
		return 1;
	}
	if (fread (bytes, 1, 8, stream) == 0) {
		fclose (stream);
		return 1;
	}
	mime_type = get_mime_type_from_magic_numbers ((char *)bytes);
	if (mime_type == NULL)
		archive_command = "lzma -dc";
	else if (strcmp (mime_type, "application/x-xz") == 0)
		archive_command = "xz -dc";
	else if (strcmp (mime_type, "application/x-gzip") == 0)
		archive_command = "gzip -dc";
	else
		archive_command = "bzip2 -dc";
	fclose (stream);

	command = g_strdup_printf ("sh -c \"dd if=%s ibs=%u skip=1 2>/dev/null | %s | cpio %s\"", g_shell_quote (filename), offset, archive_command, cpio_args->str);

	return system (command);
} 
