alpine 3.6
shell weakness #43

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

The flagged function causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/protos.h

Context:

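The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. The highlighting is not preserved in this text listing; the lines that fit the warning text are the declarations of `system` and `execl`. Both are function prototypes in a header, not calls, so the finding marks where a process-spawning function is declared rather than where a command is built and executed.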

 /*
  * Hand-written prototypes for C library and POSIX functions.
  * The #endif at the bottom of this group closes an STDC_HEADERS
  * conditional that opens above this excerpt. NOTE(review): presumably
  * this is the fallback branch for systems without standard headers;
  * confirm against the full file before treating any line here as live
  * code on a given platform.
  */
 extern int isatty(int);
extern void exit(int);
/*
 * Prototype only; nothing is executed at this line. system() hands its
 * string to the host command interpreter, so the security review belongs
 * at the call sites: check how the argument is built and whether
 * untrusted data can reach it.
 */
extern int system(const char *);
extern int sscanf(const char *, const char *, ...);
/* Declared only when toupper/tolower are not already defined as macros. */
#ifndef toupper
extern int toupper(int);
#endif
#ifndef tolower
extern int tolower(int);
#endif

extern double pow(double x, double y);
/* atof() cannot report conversion errors; strtod() can, via its end pointer. */
extern double atof(const char *);
extern double strtod(const char *, char **);
extern int fstat(int, struct stat *);
extern int stat(const char *, struct stat *);
extern off_t lseek(int, off_t, int);
extern int close(int);
extern int creat(const char *, mode_t);
extern int open(const char *, int, ...);
extern int pipe(int *);
extern int dup(int);
extern int dup2(int,int);
/*
 * Empty parentheses declare fork without a prototype (pre-C23 C), so the
 * compiler does not check the arguments passed at call sites.
 */
extern int fork();
/*
 * Prototype only. execl() replaces the current process image with the
 * program at the given path and does not itself invoke a shell; what
 * matters for review is the path and argument list supplied by callers.
 */
extern int execl(const char *, const char *, ...);
/* Declared here only when HAVE_SYS_WAIT_H is not defined. */
#ifndef HAVE_SYS_WAIT_H
extern int wait(int *);
#endif
extern void _exit(int);

/* aptr_t is not defined in the visible lines; its definition is outside this excerpt. */
#undef aptr_t

#endif /* STDC_HEADERS */


/* prototypes for missing functions defined in missing_d/ */

/*
 * Each group below is compiled only when the matching HAVE_* macro is not
 * defined. NOTE(review): presumably those macros come from the build
 * configuration; confirm where they are set.
 */
#ifndef HAVE_STRNCASECMP
extern int strcasecmp(const char *s1, const char *s2);
/* The register qualifier on a prototype parameter has no effect on callers. */
extern int strncasecmp(const char *s1, const char *s2, register size_t n);
#endif

#ifndef HAVE_STRTOUL
extern unsigned long int strtoul(const char *, char **endptr, int base);
#endif

#ifndef HAVE_TZSET
/* Empty parentheses: declared without a prototype, so arguments are unchecked. */
extern void tzset();
#endif
  
