alpine 3.6
shell weakness #68


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system — typically because a call that spawns another program (system(), popen(), the exec* family) receives a program path, an argument or an environment that the attacker can influence. The category is assigned per call site, so a hit marks a place to review rather than a confirmed command injection.

Warning code(s):

This causes a new program to execute and is difficult to use safely. (This is the generic warning text for the exec* family.) When reviewing such a call, check that the program path is absolute and fixed, that every argument is either constant or validated, that no shell is interposed between the caller and the program, and that the child process terminates if the exec fails instead of continuing with the parent's code.

File Name:



The trigger point of this particular Alpine 3.6 shell weakness is the `execl(MENUCACHE_LIBEXECDIR "/menu-cached", ...)` call inside `fork_server()` in the listing below (the original highlighting is not reproduced here, and the listing elides several lines, including the `retry_wait:` label and the function's closing braces). Note that this execl() uses a compile-time constant path and an explicit, NULL-terminated argv with no shell, so no attacker-controlled string reaches the exec; the points worth confirming in the full source are that the child terminates with `_exit()` when execl() fails and that a negative fork() result is handled. The fragment above the function also builds a predictable path under `g_get_tmp_dir()` from the display name and user name; how that path is used is outside this excerpt and is a separate thing to check for symlink or name-squatting issues in a shared temp directory.

            *p = '\0';
    g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
                dpy ? dpy : ":0", g_get_user_name() );

/* Upper bound for a retry loop; the loop itself is not part of this excerpt
 * (presumably the parent's attempts to reach the daemon after fork_server()
 * -- TODO confirm in the full source). */
#define MAX_RETRIES 25

/*
 * fork_server: launch the menu-cached helper daemon as a child process.
 *
 * What this excerpt shows: the helper binary is checked for executability,
 * the process is fork()ed, the child execl()s the daemon, and the parent
 * waitpid()s for it, retrying on EINTR.  Returns TRUE on the visible success
 * path.  Several lines of the original are elided in this listing (the
 * retry_wait: label, the child's post-exec handling, the function's braces),
 * so the notes below are about what is visible.
 *
 * Security notes:
 *  - The execl() below is the "shell weakness" hit (the warning text on this
 *    page matches the exec-family message emitted by flawfinder).  The path
 *    is the compile-time constant MENUCACHE_LIBEXECDIR "/menu-cached" and
 *    argv is given explicitly with no shell involved, so no attacker-
 *    controlled string reaches the exec call; the finding is informational.
 *  - NOTE(review): after a failed execl the child must terminate with
 *    _exit() (not exit() or return), otherwise it keeps running the parent's
 *    code that follows.  Whether the original does so is not visible in this
 *    excerpt -- confirm.
 *  - NOTE(review): no check for fork() returning -1 is visible here; in that
 *    case pid is -1 and waitpid(-1, ...) waits for any child.  Confirm in
 *    the full source.
 */
static gboolean fork_server()
    int ret, pid, status;

    /* Refuse to continue if the helper is missing or not executable
     * (g_error aborts the process, so there is no return path here). */
    if (!g_file_test (MENUCACHE_LIBEXECDIR "/menu-cached", G_FILE_TEST_IS_EXECUTABLE))
        g_error("failed to find menu-cached");

    /* Start daemon */
    pid = fork();
    if (pid == 0)
        /* child: fixed program path, explicit argv, no shell */
        execl( MENUCACHE_LIBEXECDIR "/menu-cached", MENUCACHE_LIBEXECDIR "/menu-cached", NULL);
        /* only reached if execl() failed -- see NOTE(review) above about _exit() */
        g_print("failed to exec %s\n", MENUCACHE_LIBEXECDIR "/menu-cached");

    /* parent: do a waitpid on the intermediate process to avoid zombies.
     * (The opening of this comment and the retry_wait: label that the goto
     * below targets are elided in this listing.) */
    ret = waitpid(pid, &status, 0);
    if (ret < 0) {
        if (errno == EINTR)
            goto retry_wait;    /* interrupted by a signal: wait again */
    return TRUE;

static gpointer server_io_thread(gpointer _unused)
    char buf[1024]; /* protocol has a lot shorter strings */
    ssize_t sz;
    size_t ptr = 0;
    int fd;
    GHashTableIter it;
    char* menu_name;
    MenuCache* cache;
