alpine 3.9
access weakness #1
Weakness Breakdown
Definition:
An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.
Warning code(s):
If this call fails, the program could fail to drop heightened privileges.
File Name:
apr/src/apr-1.6.5/threadproc/win32/proc.c
Context:
The highlighted line of code below is the trigger point of this particular Alpine 3.9 access weakness.
}
si.hStdError = GetStdHandle(STD_ERROR_HANDLE);
if (attr->child_err && attr->child_err->filehand)
{
if (GetHandleInformation(si.hStdError,
&stderr_reset)
&& (stderr_reset &= HANDLE_FLAG_INHERIT))
SetHandleInformation(si.hStdError,
HANDLE_FLAG_INHERIT, 0);
if ( (si.hStdError = attr->child_err->filehand)
!= INVALID_HANDLE_VALUE )
SetHandleInformation(si.hStdError, HANDLE_FLAG_INHERIT,
HANDLE_FLAG_INHERIT);
}
}
if (attr->user_token) {
/* XXX: for terminal services, handles can't be cannot be
* inherited across sessions. This process must be created
* in our existing session. lpDesktop assignment appears
* to be wrong according to these rules.
*/
si.lpDesktop = L"Winsta0\\Default";
if (!ImpersonateLoggedOnUser(attr->user_token)) {
/* failed to impersonate the logged user */
rv = apr_get_os_error();
CloseHandle(attr->user_token);
attr->user_token = NULL;
LeaveCriticalSection(&proc_lock);
return rv;
}
rv = CreateProcessAsUserW(attr->user_token,
wprg, wcmd,
attr->sa,
NULL,
TRUE,
dwCreationFlags,
pEnvBlock,
wcwd,
&si, &pi);
RevertToSelf();
}
else {
rv = CreateProcessW(wprg, wcmd, /* Executable & Command line */
NULL, NULL, /* Proc & thread security attributes */
TRUE, /* Inherit handles */
dwCreationFlags, /* Creation flags */
pEnvBlock, /* Environment block */ 
