alpine 3.6
shell weakness #69


Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

The flagged call (execlp) starts a new program. execlp resolves its first argument by searching PATH, so whoever controls the environment of this process controls which "glxgears" binary actually runs; the call is hard to use safely unless the executable is given by a full path or PATH is known to be trusted, and the argument list must never be built from untrusted input. In this example the argument list is fixed, but the fork()/exec failure paths are also unchecked.

File Name:

cogl/src/cogl-1.22.2/examples/cogl-x11-tfp.c

Context:

The trigger point of this particular Alpine 3.6 shell weakness is the execlp("glxgears", ...) call inside spawn_gears() below, which replaces the forked child process with whatever "glxgears" binary is found first on PATH.

 #include <X11/Xlib.h>
#include <X11/Xutil.h>
#include <X11/Xatom.h>

#include <X11/extensions/Xcomposite.h>

/* Input events we want delivered for the foreign (glxgears) X window:
 * keyboard, mouse buttons and pointer motion. */
#define X11_FOREIGN_EVENT_MASK \
  (KeyPressMask | KeyReleaseMask | \
   ButtonPressMask | ButtonReleaseMask | \
   PointerMotionMask)

/* Dimensions used for the texture-from-pixmap X window (their use is
 * not in this excerpt). */
#define TFP_XWIN_WIDTH  200
#define TFP_XWIN_HEIGHT 200

/* PID of the spawned glxgears child; 0 means nothing has been spawned. */
static pid_t gears_pid = 0;

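/*
 * Fork and exec "glxgears" (with "-stereo" when requested) as a child
 * process, storing the child's pid in the file-scope gears_pid.
 *
 * stereo: non-zero to pass "-stereo" to glxgears.
 *
 * Security notes:
 *  - execlp() resolves "glxgears" through PATH, so whoever controls this
 *    process's environment controls which binary runs.  The argument list
 *    is fixed here, so no untrusted data reaches the exec itself.
 *  - If fork() fails it returns -1.  Storing -1 in gears_pid would make any
 *    later kill(gears_pid, sig) signal every process this user may signal,
 *    so on failure gears_pid is left as it was (0 = nothing spawned).
 *    NOTE(review): callers signalling gears_pid should check it is > 0 —
 *    confirm against the rest of this file.
 *  - If execlp() fails the child must terminate at once; otherwise a
 *    second copy of this program keeps running on the same X connection.
 */
static void
spawn_gears (CoglBool stereo)
{
  pid_t pid = fork ();

  if (pid < 0)
    {
      /* fork failed: no child exists, leave gears_pid untouched. */
      return;
    }

  if (pid == 0)
    {
      /* Child: replace ourselves with glxgears. */
      execlp ("glxgears", "glxgears",
              stereo ? "-stereo" : NULL,
              NULL);
      /* Only reached if exec failed.  _exit() (not exit()) so the parent's
       * stdio buffers, inherited by the child, are not flushed twice. */
      _exit (127);
    }

  /* Parent. */
  gears_pid = pid;
}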

static XID
find_gears_toplevel (Display *xdpy,
		     Window   window)
{
  Atom window_state = XInternAtom (xdpy, "WM_STATE", False);
  Atom type;
  int format;
  unsigned long n_items;
  unsigned long bytes_after;
  unsigned char *data;
  CoglBool result = FALSE;

  if (window == None)
    window = DefaultRootWindow (xdpy);

  XGetWindowProperty (xdpy, window, window_state,
                      0, G_MAXLONG, False, window_state,
                      &type, &format, &n_items, &bytes_after, &data);
 
