alpine 3.6
shell weakness #78

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

kyua/src/kyua-0.13/utils/fs/operations.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

     case os_sunos:
        mount_args[last++] = "mount";
        mount_args[last++] = "-Ftmpfs";
        if (size > 0) {
            size_arg = F("-o-s%s") % size;
            mount_args[last++] = size_arg.c_str();
        }
        mount_args[last++] = "tmpfs";
        mount_args[last++] = mount_point.c_str();
        break;

    default:
        std::cerr << "Don't know how to mount a temporary file system in this "
            "host operating system\n";
        std::exit(exit_known_error);
    }
    mount_args[last] = NULL;

    const char** arg;
    std::cout << "Mounting tmpfs onto " << mount_point << " with:";
    for (arg = &mount_args[0]; *arg != NULL; arg++)
        std::cout << " " << *arg;
    std::cout << "\n";

    const int ret = ::execvp(mount_args[0],
                             UTILS_UNCONST(char* const, mount_args));
    INV(ret == -1);
    std::cerr << "Failed to exec " << mount_args[0] << "\n";
    std::exit(EXIT_FAILURE);
}


/// Unmounts a file system using unmount(2).
///
/// \pre unmount(2) must be available; i.e. have_unmount2 must be true.
///
/// \param mount_point The file system to unmount.
///
/// \throw fs::system_error If the call to unmount(2) fails.
static void
unmount_with_unmount2(const fs::path& mount_point)
{
    PRE(have_unmount2);

    if (::unmount(mount_point.c_str(), 0) == -1) {
        const int original_errno = errno;
        throw fs::system_error(F("unmount(%s) failed") % mount_point,
                               original_errno);
    }
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.