alpine 3.6
shell weakness #85

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

cgdb/src/cgdb-0.7.0/lib/util/fork_util.cpp

Context:

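The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. The highlighting is not preserved in this text rendering; the only call in the excerpt that starts a new program is `execvp(local_argv[0], local_argv);`, so that is presumably the flagged line. `execvp` takes an argument vector and resolves a bare program name through `PATH`, so when triaging this warning the points to check are where `local_argv` is built (the comment in the excerpt says the program can be set with the `-d` option) and whether `PATH` is trusted in the environment where cgdb runs.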

     }

    /* Log the gdb invocation line */
    clog_info(CLOG_GDBIO, "Invoking program:");
    for (i = 0; i < j; i++) {
        clog_info(CLOG_GDBIO, "  argv[%d]=%s ", i, local_argv[i]);
    }

    /* Fork into two processes with a shared pty pipe */
    pid = pty_fork(&masterfd, slavename, SLAVE_SIZE, NULL, NULL);

    if (pid == -1) {            /* error, free memory and return  */
        pty_free_memory(slavename, masterfd, argc, local_argv);
        clog_error(CLOG_CGDB, "fork failed");
        return -1;
    } else if (pid == 0) {      /* child */
        FILE *fd = fopen(slavename, "r");

        if (fd)
            tty_set_echo(fileno(fd), 0);

        /* If this is not called, when user types ^c SIGINT gets sent to gdb */
        setsid();

        execvp(local_argv[0], local_argv);

        /* Will get here if exec failed. This will happen when the 
         * - "gdb" is not on the users path, or if 
         * - user specified a different program via the -d option and it was
         *   not able to be exec'd.
         */
        exit(0);
    }

    *in = masterfd;
    *out = masterfd;

    free_memory(malloc_size, local_argv);
    return pid;
} 
