alpine 3.9
access weakness #33


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.9 access weakness.

           tokeninfo, tokeninfolength);

    return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));

 * SetThreadToken [ADVAPI32.@]
 * Assigns an 'impersonation token' to a thread so it can assume the
 * security privileges of another thread or process.  Can also remove
 * a previously assigned token. 
 *   thread          [O] Handle to thread to set the token for
 *   token           [I] Token to set
 *  Success: TRUE. The threads access token is set to token
 *  Failure: FALSE.
 *  Only supported on NT or higher. On Win9X this function does nothing.
 *  See SetTokenInformation.
BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
    return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
                                                 ThreadImpersonationToken, &token, sizeof token ));

 * CreateRestrictedToken [ADVAPI32.@]
 * Create a new more restricted token from an existing token.
 *   baseToken       [I] Token to base the new restricted token on
 *   flags           [I] Options
 *   nDisableSids    [I] Length of disableSids array
 *   disableSids     [I] Array of SIDs to disable in the new token
 *   nDeletePrivs    [I] Length of deletePrivs array
 *   deletePrivs     [I] Array of privileges to delete in the new token
 *   nRestrictSids   [I] Length of restrictSids array
 *   restrictSids    [I] Array of SIDs to restrict in the new token
 *   newToken        [O] Address where the new token is stored
 *  Success: TRUE
 *  Failure: FALSE

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.