alpine 3.6
shell weakness #17

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

libetpan/src/libetpan-1.7.2/src/engine/mailprivacy_tools.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

   switch (pid) {
  case -1:
    {
      close (passphrase_input[0]);
      close (passphrase_input[1]);
      res = ERROR_PASSPHRASE_COMMAND;
      goto close_err;
    }
    
  case 0:
    /* child */
    {
      int status;
      
      /* close unneeded fd */
      close(passphrase_input[1]);
      
      dup2(passphrase_input[0], 0);
      close(passphrase_input[0]);
      dup2(fd_out, 1);
      close(fd_out);
      dup2(fd_err, 2);
      close(fd_err);
      
      status = system(command);
      
      exit(WEXITSTATUS(status));
    }
    break;
    
  default:
    /* parent */
    {
      int status;
      
      /* close unneeded fd */
      close(fd_err);
      close(fd_out);
      close(passphrase_input[0]);
      
      if ((passphrase != NULL) && (strlen(passphrase) > 0)) {
        r = (int) write(passphrase_input[1], passphrase, strlen(passphrase));
        if (r != (int) strlen(passphrase)) {
          close(passphrase_input[1]);
          return ERROR_PASSPHRASE_FILE;
        }
      }
      else {
        /* dummy password */
        r = (int) write(passphrase_input[1], "*dummy*", 7); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.