centos 6
misc weakness #8

5

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

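Never create NULL ACLs; an attacker can set it to Everyone. (A NULL DACL places no access restrictions on the object: any account that can reach it is granted full access, including the right to rewrite the object's permissions afterwards.)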

File Name:

cmake-2.8.12.2/Source/cmWin32ProcessExecution.cxx

Context:

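The trigger point of this particular CentOS 6 misc weakness is the `SetSecurityDescriptorDacl(&sd, true, NULL, false)` call in the excerpt below (the highlighted line in the original report). It attaches a NULL DACL to the security descriptor that is then handed, through `sa`, to both `CreatePipe` calls. The excerpt starts partway through the function's parameter list and stops mid-comment. The usual remedy is to leave `lpSecurityDescriptor` as NULL, as the non-NT branch already does, so the pipes receive the default descriptor derived from the creator's token, or to build an explicit DACL that names only the accounts that need access; `bInheritHandle` can stay true either way.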

   std::string& output, int& retVal, bool verbose, int /* timeout */,
  bool hideWindows)
{
  //verbose = true;
  //std::cerr << std::endl
  //        << "WindowsRunCommand(" << command << ")" << std::endl
  //        << std::flush;
  const int BUFFER_SIZE = 4096;
  char buf[BUFFER_SIZE];

//i/o buffer
  STARTUPINFO si;
  SECURITY_ATTRIBUTES sa;
  SECURITY_DESCRIPTOR sd;

//security information for pipes
  PROCESS_INFORMATION pi;
  HANDLE newstdin,newstdout,read_stdout,write_stdin;

//pipe handles
  if (IsWinNT())
//initialize security descriptor (Windows NT)
    {
    InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);
    SetSecurityDescriptorDacl(&sd, true, NULL, false);
    sa.lpSecurityDescriptor = &sd;

    }
  else sa.lpSecurityDescriptor = NULL;
  sa.nLength = sizeof(SECURITY_ATTRIBUTES);
  sa.bInheritHandle = true;

//allow inheritable handles
  if (!CreatePipe(&newstdin,&write_stdin,&sa,0))
//create stdin pipe
    {
    return false;
    }
  if (!CreatePipe(&read_stdout,&newstdout,&sa,0))
//create stdout pipe
    {
    CloseHandle(newstdin);
    CloseHandle(write_stdin);
    return false;

    }
  GetStartupInfo(&si);

//set startupinfo for the spawned process
  /* The dwFlags member tells CreateProcess how to make the 
