alpine 3.6
shell weakness #23

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

julia/src/JuliaLang-libuv-8d5131b/test/runner-unix.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 
  if (pid == 0) {
    /* child */
    arg = getenv("UV_USE_VALGRIND");
    n = 0;

    /* Disable valgrind for helpers, it complains about helpers leaking memory.
     * They're killed after the test and as such never get a chance to clean up.
     */
    if (is_helper == 0 && arg != NULL && atoi(arg) != 0) {
      args[n++] = "valgrind";
      args[n++] = "--quiet";
      args[n++] = "--leak-check=full";
      args[n++] = "--show-reachable=yes";
      args[n++] = "--error-exitcode=125";
    }

    args[n++] = executable_path;
    args[n++] = name;
    args[n++] = part;
    args[n++] = NULL;

    dup2(fileno(stdout_file), STDOUT_FILENO);
    dup2(fileno(stdout_file), STDERR_FILENO);
    execvp(args[0], args);
    perror("execvp()");
    _exit(127);
  }

  /* parent */
  p->pid = pid;
  p->name = strdup(name);
  p->stdout_file = stdout_file;

  return 0;
}


typedef struct {
  int pipe[2];
  process_info_t* vec;
  int n;
} dowait_args;


/* This function is run inside a pthread. We do this so that we can possibly
 * timeout.
 */
static void* dowait(void* data) {
  dowait_args* args = data; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.