alpine 3.6
shell weakness #84

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

cgdb/src/cgdb-0.7.0/cgdb/cgdb.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

  *
 * \return The exit status of the system() call.
 */
int run_shell_command(const char *command)
{
    int rv;

    /* Cleanly scroll the screen up for a prompt */
    swin_scrl(1);
    swin_move(swin_lines() - 1, 0);
    printf("\n");

    /* Put the terminal in cooked mode and turn on echo */
    swin_endwin();
    tty_set_attributes(STDIN_FILENO, &term_attributes);

    /* NULL or empty string means invoke user's shell */
    if (!command || !command[0]) {
        /* Check for SHELL environment variable */
        char *shell = getenv("SHELL");

        rv = system(shell ? shell : "/bin/sh");
    } else {
        /* Execute the command passed in via system() */
        rv = system(command);
    }

    /* Press any key to continue... */
    fprintf(stderr, "Hit ENTER to continue...");
    while (fgetc(stdin) != '\n') {
    }

    /* Turn off echo and put the terminal back into raw mode */
    tty_cbreak(STDIN_FILENO, &term_attributes);
    if_draw();

    return rv;
}

static void parse_cgdbrc_file()
{
    char config_file[FSUTIL_PATH_MAX];

    fs_util_get_path(cgdb_home_dir, "cgdbrc", config_file);
    command_parse_file(config_file);
}

/* readline code {{{*/

/* Please forgive me for adding all the comment below. This function 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.