alpine 3.6
access weakness #22

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

wine/src/wine-2.0.1/dlls/advapi32/tests/security.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

     ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have "
       "failed with ERROR_NOACCESS, instead of %d\n", err);
    ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
       "Access and/or AccessStatus were changed!\n");

    /* Access denied by SD */
    SetLastError(0xdeadbeef);
    Access = AccessStatus = 0x1abe11ed;
    ret = AccessCheck(SecurityDescriptor, Token, KEY_WRITE, &Mapping,
                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
    ok(ret, "AccessCheck failed with error %d\n", GetLastError());
    err = GetLastError();
    ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
       "with ERROR_ACCESS_DENIED, instead of %d\n", err);
    ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);

    SetLastError(0xdeadbeef);
    PrivSet->PrivilegeCount = 16;
    ret = AccessCheck(SecurityDescriptor, Token, ACCESS_SYSTEM_SECURITY, &Mapping,
                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
    ok(ret && !AccessStatus && GetLastError() == ERROR_PRIVILEGE_NOT_HELD,
        "AccessCheck should have failed with ERROR_PRIVILEGE_NOT_HELD, instead of %d\n",
        GetLastError());

    ret = ImpersonateLoggedOnUser(Token);
    ok(ret, "ImpersonateLoggedOnUser failed with error %d\n", GetLastError());
    ret = pRtlAdjustPrivilege(SE_SECURITY_PRIVILEGE, TRUE, TRUE, &Enabled);
    if (!ret)
    {
        /* Valid PrivSet with zero PrivSetLen */
        SetLastError(0xdeadbeef);
        Access = AccessStatus = 0x1abe11ed;
        PrivSetLen = 0;
        ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
                          PrivSet, &PrivSetLen, &Access, &AccessStatus);
        err = GetLastError();
    todo_wine
        ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
           "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
    todo_wine
        ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
    todo_wine
        ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
           "Access and/or AccessStatus were changed!\n");

        /* Valid PrivSet with insufficient PrivSetLen */
        SetLastError(0xdeadbeef);
        Access = AccessStatus = 0x1abe11ed;
        PrivSetLen = sizeof(PRIVILEGE_SET) - 1;
        ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.