alpine 3.6
shell weakness #47

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/vms/vms_popen.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

    the Free Software Foundation, Inc.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2, or (at your option)
   any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software Foundation,
   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */

#ifndef NO_VMS_PIPES

#include "awk.h"	/* really "../awk.h" */
#include <stdio.h>

#ifndef PIPES_SIMULATED

FILE *
popen( const char *command, const char *mode )
{
    fatal(" Cannot open pipe '%s' (not implemented)", command);
    /* NOT REACHED */
    return 0;
}

int
pclose( FILE *current )
{
    fatal(" Internal error ('pclose' not implemented)");
    /* NOT REACHED */
    return -1;
}

int
fork( void )
{
    fatal(" Internal error ('fork' not implemented)");
    /* NOT REACHED */
    return -1;
}

#else	/*PIPES_SIMULATED*/
	/*
	 * Simulate pipes using temporary files; hope that the user 
