alpine 3.6
shell weakness #93

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

less/src/less-487/filename.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 
#if HAVE_SHELL
	char *shell;

	shell = lgetenv("SHELL");
	if (shell != NULL && *shell != '\0')
	{
		char *scmd;
		char *esccmd;

		/*
		 * Read the output of <$ SHELL -c cmd>.  
		 * Escape any metacharacters in the command.
		 */
		esccmd = shell_quote(cmd);
		if (esccmd == NULL)
		{
			fd = popen(cmd, "r");
		} else
		{
			int len = (int) (strlen(shell) + strlen(esccmd) + 5);
			scmd = (char *) ecalloc(len, sizeof(char));
			SNPRINTF3(scmd, len, "%s %s %s", shell, shell_coption(), esccmd);
			free(esccmd);
			fd = popen(scmd, "r");
			free(scmd);
		}
	} else
#endif
	{
		fd = popen(cmd, "r");
	}
	/*
	 * Redirection in 'popen' might have messed with the
	 * standard devices.  Restore binary input mode.
	 */
	SET_BINARY(0);
	return (fd);
}

#endif /* HAVE_POPEN */


/*
 * Expand a filename, doing any system-specific metacharacter substitutions.
 */
	public char *
lglob(filename)
	char *filename;
{ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.