alpine 3.6
shell weakness #40

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/pc/popen.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

/*
** popen.h -- prototypes for pipe functions
*/
#if !defined (__DJGPP__)
# if defined (popen)
#  undef popen
#  undef pclose
# endif
# define popen(c, m)	os_popen(c, m)
# define pclose(f)	os_pclose(f)
  extern FILE *os_popen( const char *, const char * );
  extern int  os_pclose( FILE * );
# ifdef __MINGW32__
#  define system(c)	os_system(c)
   extern int os_system( const char * );
#  define SIGKILL	9
   extern int kill( int, int );
   extern char *quote_cmd( const char * );
# endif	 /* __MINGW32__ */
#endif	/* !__DJGPP__ */ 
