alpine 3.6
shell weakness #25

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

julia/src/julia-0.5.2/src/runtime_ccall.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

#include "llvm-version.h"
using namespace llvm;

// --- library symbol lookup ---

// map from "libX" to full soname "libX.so.ver"
#if defined(__linux__) || defined(__FreeBSD__)
static uv_rwlock_t soname_lock;
static std::map<std::string, std::string> sonameMap;
static bool got_sonames = false;

extern "C" void jl_init_runtime_ccall(void)
{
    uv_rwlock_init(&soname_lock);
}

// This reloads the sonames, necessary after system upgrade.
// Keep this DLLEXPORTed, this is used by 'BinDeps.jl' to make sure
// newly installed libraries can be found.
extern "C" JL_DLLEXPORT void jl_read_sonames(void)
{
    char *line=NULL;
    size_t sz=0;
#if defined(__linux__)
    FILE *ldc = popen("/sbin/ldconfig -p", "r");
#else
    FILE *ldc = popen("/sbin/ldconfig -r", "r");
#endif
    if (ldc == NULL) return; // ignore errors in running ldconfig (other than whatever might have been printed to stderr)

    // This loop is not allowed to call julia GC while holding the lock
    uv_rwlock_wrlock(&soname_lock);
    sonameMap.clear();
    while (!feof(ldc)) {
        ssize_t n = getline(&line, &sz, ldc);
        if (n == -1)
            break;
        if (n > 2 && isspace((unsigned char)line[0])) {
#ifdef __linux__
            int i = 0;
            while (isspace((unsigned char)line[++i])) ;
            char *name = &line[i];
            char *dot = strstr(name, ".so");
            i = 0;
#else
            char *name = strstr(line, ":-l");
            if (name == NULL) continue;
            strncpy(name, "lib", 3);
            char *dot = strchr(name, '.');
#endif 
