alpine 3.6
shell weakness #76

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

notmuch/src/notmuch-0.24.1/notmuch.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 
    return EXIT_SUCCESS;
}

/*
 * Try to run subcommand in argv[0] as notmuch- prefixed external
 * command. argv must be NULL terminated (argv passed to main always
 * is).
 *
 * Does not return if the external command is found and
 * executed. Return TRUE if external command is not found. Return
 * FALSE on errors.
 */
static notmuch_bool_t try_external_command(char *argv[])
{
    char *old_argv0 = argv[0];
    notmuch_bool_t ret = TRUE;

    argv[0] = talloc_asprintf (NULL, "notmuch-%s", old_argv0);

    /*
     * This will only return on errors. Not finding an external
     * command (ENOENT) is not an error from our perspective.
     */
    execvp (argv[0], argv);
    if (errno != ENOENT) {
	fprintf (stderr, "Error: Running external command '%s' failed: %s\n",
		 argv[0], strerror(errno));
	ret = FALSE;
    }

    talloc_free (argv[0]);
    argv[0] = old_argv0;

    return ret;
}

int
main (int argc, char *argv[])
{
    void *local;
    char *talloc_report;
    const char *command_name = NULL;
    command_t *command;
    char *config_file_name = NULL;
    notmuch_config_t *config = NULL;
    int opt_index;
    int ret;

    notmuch_opt_desc_t options[] = { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.