alpine 3.6
shell weakness #31

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/io.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 #else  /* __MINGW32__ */
	pid = spawnl(P_NOWAIT, getenv("ComSpec"), "cmd.exe", "/c",
		     qcmd = quote_cmd(cmd), NULL);
	efree(qcmd);
#endif
	
	/* restore stdout */
	close(1);
	if (dup(save_stdout) != 1) {
		close(p[0]);
		fatal(_("restoring stdout in parent process failed\n"));
	}
	close(save_stdout);

#else /* NOT __EMX__, NOT __MINGW32__ */
	if ((pid = fork()) == 0) {
		if (close(1) == -1)
			fatal(_("close of stdout in child failed (%s)"),
				strerror(errno));
		if (dup(p[1]) != 1)
			fatal(_("moving pipe to stdout in child failed (dup: %s)"), strerror(errno));
		if (close(p[0]) == -1 || close(p[1]) == -1)
			fatal(_("close of pipe failed (%s)"), strerror(errno));
		signal(SIGPIPE, SIG_DFL);
		execl("/bin/sh", "sh", "-c", cmd, NULL);
		_exit(errno == ENOENT ? 127 : 126);
	}
#endif /* NOT __EMX__, NOT __MINGW32__ */

	if (pid == -1) {
		close(p[0]); close(p[1]);
		fatal(_("cannot create child process for '%s' (fork: %s)"), cmd, strerror(errno));
	}
	rp->pid = pid;
#if !defined(__EMX__) && !defined(__MINGW32__)
	if (close(p[1]) == -1) {
		close(p[0]);
		fatal(_("close of pipe failed (%s)"), strerror(errno));
	}
#endif
	os_close_on_exec(p[0], cmd, "pipe", "from");
	if ((BINMODE & BINMODE_INPUT) != 0)
		os_setbinmode(p[0], O_BINARY);
	rp->iop = iop_alloc(p[0], cmd, 0);
	find_input_parser(rp->iop);
	iop_finish(rp->iop);
	if (! rp->iop->valid) {
		if (! do_traditional && rp->iop->errcode != 0)
			update_ERRNO_int(rp->iop->errcode);
		iop_close(rp->iop); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.