alpine 3.6
shell weakness #27

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/debug.c

Context:

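The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. The highlighting is not preserved in this listing; the only call in the excerpt that starts a new program is execvp(d_argv[0], d_argv) in restart(). execvp() takes an argument vector rather than a shell command line, so the points to review are where d_argv comes from and which PATH and environment are in effect when the call runs.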

 		}
	}
	return false;
}

/*
 * restart --- restart the debugger
 *
 * Serializes the debugger state into the environment, records in
 * DGAWK_RESTART whether the program is to be run again, closes the open
 * files and replaces the current process image with execvp().  Does not
 * return: if execvp() fails, a message is printed and the process exits
 * with EXIT_FAILURE.
 *
 * NOTE(review): execvp() receives d_argv as an argument vector, not as a
 * shell command line, but it searches PATH when d_argv[0] contains no
 * slash, so the binary that is re-executed depends on the PATH in effect
 * at restart time.  Where d_argv is filled in is not visible here;
 * presumably it is the debugger's own saved argv --- confirm.
 * The new process restores its state from the environment, so the restore
 * side should validate what it reads rather than assume this function
 * wrote it.  The return value of setenv() is not checked.
 */

static void
restart(bool run)
{
	/* value handed to the new process through DGAWK_RESTART */
	const char *restart_mode = run ? "true" : "false";

	/* stash each category of debugger state in the environment */
	serialize(BREAK);
	serialize(WATCH);
	serialize(DISPLAY);
	serialize(HISTORY);
	serialize(OPTION);

	/* flag for the new process: restore state from the environment */
	setenv("DGAWK_RESTART", restart_mode, 1);

	/* drop every open file before the process image is replaced */
	close_all();

	/* replace this process; execvp() returns only on failure */
	execvp(d_argv[0], d_argv);

	/* still running, so execvp() failed */
	fprintf(out_fp, _("Failed to restart debugger"));
	exit(EXIT_FAILURE);
}

/* do_run --- run command */

int
do_run(CMDARG *arg ATTRIBUTE_UNUSED, int cmd ATTRIBUTE_UNUSED)
{
	if (prog_running) {
		if (! input_from_tty)
			need_restart = true;	/* handled later */
		else {
			need_restart = prompt_yes_no(
			         _("Program already running. Restart from beginning (y/n)? "),
			         _("y")[0], false, out_fp);

			if (! need_restart) {
				fprintf(out_fp, _("Program not restarted\n"));
				return false;
			}
		}
	} 
