alpine 3.6
shell weakness #75

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

notmuch/src/notmuch-0.24.1/notmuch.c

Context:

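The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. (The highlighting is not preserved in this listing; the only call in the excerpt that starts a new program is `execlp ("man", "man", page, (char *) NULL)` in `exec_man`. That call passes `page` as a single argument without shell parsing, so the points to review are which `man` binary PATH resolves to and which values `page` can take.)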

 A caller requested deprecated output format version %d, which may not\n\
be supported in the future.\n", notmuch_format_version);
    }
}

/* Exit with status 1 when a specific database UUID was requested and
 * the opened database reports a different one.
 *
 * Does nothing when notmuch_requested_db_uuid is unset.  The return
 * value of notmuch_database_get_revision is discarded via
 * IGNORE_RESULT; only the UUID it stores through the out-parameter is
 * used here.
 */
void
notmuch_exit_if_unmatched_db_uuid (notmuch_database_t *notmuch)
{
    const char *db_uuid = NULL;

    if (notmuch_requested_db_uuid) {
	IGNORE_RESULT (notmuch_database_get_revision (notmuch, &db_uuid));

	/* NOTE(review): db_uuid is assumed to be filled in by the call
	 * above; strcmp on a NULL pointer would be undefined -- confirm
	 * against the library implementation. */
	if (strcmp (notmuch_requested_db_uuid, db_uuid) == 0)
	    return;

	/* Mismatch: report both values and stop before any further work
	 * is done against the wrong database state. */
	fprintf (stderr, "Error: requested database revision %s does not match %s\n",
		 notmuch_requested_db_uuid, db_uuid);
	exit (1);
    }
}

/* Replace the current process image with "man <page>".
 *
 * execlp looks "man" up through PATH and hands page over as a single
 * argv entry, so no shell parses it.  man itself still parses its
 * arguments: a page value starting with '-' would be read as an option.
 * NOTE(review): callers are expected to pass only known page names,
 * and PATH is inherited from the environment -- confirm both at the
 * call sites.
 *
 * Control only comes back here when the exec fails; the error is then
 * reported with perror and the process exits with status 1.
 */
static void
exec_man (const char *page)
{
    int rc = execlp ("man", "man", page, (char *) NULL);

    if (rc == 0)
	return;

    perror ("exec man");
    exit (1);
}

static int
_help_for (const char *topic_name)
{
    command_t *command;
    help_topic_t *topic;
    unsigned int i;

    if (!topic_name) {
	printf ("The notmuch mail system.\n\n");
	usage (stdout);
	return EXIT_SUCCESS;
    }

    if (strcmp (topic_name, "help") == 0) {
	printf ("The notmuch help system.\n\n"
		"\tNotmuch uses the man command to display help. In case\n"
		"\tof difficulties check that MANPATH includes the pages\n"
		"\tinstalled by notmuch.\n\n"
		"\tTry \"notmuch help\" for a list of topics.\n");
	return EXIT_SUCCESS; 
