alpine 3.6
shell weakness #77

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

notmuch/src/notmuch-0.24.1/hooks.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 
    /* Check access before fork() for speed and simplicity of error handling. */
    if (access (hook_path, X_OK) == -1) {
	/* Ignore ENOENT. It's okay not to have a hook, hook dir, or even
	 * notmuch dir. Dangling symbolic links also result in ENOENT, but
	 * we'll ignore that too for simplicity. */
	if (errno != ENOENT) {
	    fprintf (stderr, "Error: %s hook access failed: %s\n", hook,
		     strerror (errno));
	    status = 1;
	}
	goto DONE;
    }

    /* Flush any buffered output before forking. */
    fflush (stdout);

    pid = fork();
    if (pid == -1) {
	fprintf (stderr, "Error: %s hook fork failed: %s\n", hook,
		 strerror (errno));
	status = 1;
	goto DONE;
    } else if (pid == 0) {
	execl (hook_path, hook_path, NULL);
	/* Same as above for ENOENT, but unlikely now. Indicate all other errors
	 * to parent through non-zero exit status. */
	if (errno != ENOENT) {
	    fprintf (stderr, "Error: %s hook execution failed: %s\n", hook,
		     strerror (errno));
	    status = 1;
	}
	exit (status);
    }

    if (waitpid (pid, &status, 0) == -1) {
	fprintf (stderr, "Error: %s hook wait failed: %s\n", hook,
		 strerror (errno));
	status = 1;
	goto DONE;
    }

    if (!WIFEXITED (status) || WEXITSTATUS (status)) {
	if (WIFEXITED (status)) {
	    fprintf (stderr, "Error: %s hook failed with status %d\n",
		     hook, WEXITSTATUS (status));
	} else if (WIFSIGNALED (status)) {
	    fprintf (stderr, "Error: %s hook terminated with signal %d\n",
		     hook, WTERMSIG (status));
	} 
