fedora 24
access weakness #44

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

wine-mono-4.6.4/mono/mono/metadata/mono-security.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 access weakness.

 	return result;
}


gpointer
ves_icall_System_Security_Principal_WindowsImpersonationContext_DuplicateToken (gpointer token)
{
	gpointer dupe = NULL;

#ifdef HOST_WIN32
	if (DuplicateToken (token, SecurityImpersonation, &dupe) == 0) {
		dupe = NULL;
	}
#else
	dupe = token;
#endif
	return dupe;
}


gboolean
ves_icall_System_Security_Principal_WindowsImpersonationContext_SetCurrentToken (gpointer token)
{
	/* Posix version implemented in /mono/mono/io-layer/security.c */
	return (ImpersonateLoggedOnUser (token) != 0);
}


gboolean
ves_icall_System_Security_Principal_WindowsImpersonationContext_RevertToSelf (void)
{
	/* Posix version implemented in /mono/mono/io-layer/security.c */
	return (RevertToSelf () != 0);
}


/* System.Security.Principal.WindowsPrincipal */

gboolean
ves_icall_System_Security_Principal_WindowsPrincipal_IsMemberOfGroupId (gpointer user, gpointer group)
{
	gboolean result = FALSE;

#ifdef HOST_WIN32
	/* The convertion from an ID to a string is done in managed code for Windows */
	g_warning ("IsMemberOfGroupId should never be called on Win32");

#else /* HOST_WIN32 */

#ifdef HAVE_GETGRGID_R 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.