The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.
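Never create a NULL ACL (a security descriptor whose DACL is NULL): it grants every principal full access to the object, so an attacker can rewrite the ACL, for example setting it to Everyone.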
httpd-2.2.15/srclib/apr/threadproc/win32/proc.c
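The flagged line of code below is the trigger point of this particular CentOS 6 misc weakness. The highlighting did not survive in this listing; it appears to be the `SetSecurityDescriptorDacl(attr->sd, -1, 0, 0)` call, which marks a DACL as present but passes a NULL pointer for it.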
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&user)) {
/* Logon Failed */
return apr_get_os_error();
}
if (wpassword)
memset(wpassword, 0, wlen * sizeof(apr_wchar_t));
/* Get the primary token for user */
if (!DuplicateTokenEx(user,
TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY,
NULL,
SecurityImpersonation,
TokenPrimary,
&(attr->user_token))) {
/* Failed to duplicate the user token */
rv = apr_get_os_error();
CloseHandle(user);
return rv;
}
CloseHandle(user);
attr->sd = apr_pcalloc(attr->pool, SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(attr->sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(attr->sd, -1, 0, 0);
attr->sa = apr_palloc(attr->pool, sizeof(SECURITY_ATTRIBUTES));
attr->sa->nLength = sizeof (SECURITY_ATTRIBUTES);
attr->sa->lpSecurityDescriptor = attr->sd;
attr->sa->bInheritHandle = FALSE;
/* register the cleanup */
apr_pool_cleanup_register(attr->pool, (void *)attr,
attr_cleanup,
apr_pool_cleanup_null);
return APR_SUCCESS;
}
else
return APR_ENOTIMPL;
#endif
}
/**
 * Group-setting entry point of the process-attribute API.
 *
 * In this implementation (the file path given for the listing is under
 * threadproc/win32) the request is accepted and ignored: neither argument
 * is read and nothing on attr is modified. Callers therefore must not
 * treat a successful return as evidence that the child process's group
 * was changed or its privileges reduced.
 *
 * @param attr       process attributes (unused here)
 * @param groupname  requested group name (unused here)
 * @return always APR_SUCCESS
 */
APR_DECLARE(apr_status_t) apr_procattr_group_set(apr_procattr_t *attr,
                                                 const char *groupname)
{
    /* Groups are considered irrelevant here; report success without acting. */
    (void)attr;
    (void)groupname;

    return APR_SUCCESS;
}
static const char* has_space(const char *str)
{