alpine 3.6
shell weakness #43


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



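The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. The highlighting is not preserved in this listing; the declarations in it that start a new program are `system` and `execl`. Both appear here only as prototypes, so whether the weakness is real depends on how they are called elsewhere in the package: the concern is a command string or program path built from untrusted input.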

 /*
  * Excerpt of a prototype header: every line below is a declaration, and no
  * function is called here.
  * NOTE(review): the excerpt is incomplete -- the conditional closed by the
  * "#endif STDC_HEADERS" line opens above the first visible line, and no
  * #endif is visible for the #ifndef guards shown below.
  */
 extern int isatty(int);
extern void exit(int);
/*
 * system() hands its string argument to the host command interpreter.
 * This line only declares it; the command-injection risk exists at call
 * sites that build that string from untrusted input.
 */
extern int system(const char *);
extern int sscanf(const char *, const char *, ...);
/* Declared only when the name is not already defined as a macro. */
#ifndef toupper
extern int toupper(int);
#ifndef tolower
extern int tolower(int);

extern double pow(double x, double y);
extern double atof(const char *);
extern double strtod(const char *, char **);
extern int fstat(int, struct stat *);
extern int stat(const char *, struct stat *);
extern off_t lseek(int, off_t, int);
extern int close(int);
extern int creat(const char *, mode_t);
extern int open(const char *, int, ...);
extern int pipe(int *);
extern int dup(int);
extern int dup2(int,int);
/* Empty parentheses: old-style declaration, parameters are left unspecified. */
extern int fork();
/*
 * execl() replaces the current process image with the program at the given
 * path, taking its arguments as a list rather than as a shell command line.
 * Declaration only; the path and arguments supplied by callers are what a
 * review of this finding has to examine.
 */
extern int execl(const char *, const char *, ...);
extern int wait(int *);
extern void _exit(int);

#undef aptr_t

#endif /* STDC_HEADERS */

/* prototypes for missing functions defined in missing_d/ */

extern int strcasecmp(const char *s1, const char *s2);
extern int strncasecmp(const char *s1, const char *s2, register size_t n);

extern unsigned long int strtoul(const char *, char **endptr, int base);

/* Fallback declaration used when the build did not detect tzset(). */
#ifndef HAVE_TZSET
extern void tzset();
