Fedora 24
Access Weakness #3


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 24 access weakness.

  PROCESS_INFORMATION process_info = {};
  // 3rd parameter of CreateProcessAsUser must be a writable buffer.
  if (!::CreateProcessAsUser(primary_token.get(),
                             nullptr,   // No application name.
                             command_line->get(),  // must be writable.
                             FALSE,  // Do not inherit handles.
                             nullptr,   // Use the environment of the caller.
                             &process_info)) {
    const DWORD last_error = ::GetLastError();
    DLOG(ERROR) << "CreateProcessAsUser failed. Error: " << last_error;
    return false;

  if (security_attributes_ptr != nullptr) {

  // Change the token of the main thread of the new process for the
  // impersonation token with more rights.
  if (!::SetThreadToken(&process_info.hThread, impersonation_token.get())) {
    const DWORD last_error = ::GetLastError();
    DLOG(ERROR) << "SetThreadToken failed. Error: " << last_error;
    ::TerminateProcess(process_info.hProcess, 0);
    return false;
  if (thread_handle != nullptr) {
  } else {
  if (process_handle != nullptr) {
  } else {
  if (pid != nullptr) {
    *pid = process_info.dwProcessId;

  return true;

bool SpawnSandboxedProcessImpl(unique_ptr<wchar_t[]> *command_line, 
