alpine 3.6
tmpfile weakness #21


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.


/* Creates a temporary file for writing WARC output.
   The temporary file will be created in opt.warc_tempdir.
   Returns the pointer to the temporary file, or NULL. */
warc_tempfile (void)
  char filename[100];
  int fd;

  if (path_search (filename, 100, opt.warc_tempdir, "wget", true) == -1)
    return NULL;

#ifdef __VMS
  /* 2013-07-12 SMS.
   * mkostemp()+unlink()+fdopen() scheme causes trouble on VMS, so use
   * mktemp() to uniquify the (VMS-style) name, and then use a normal
   * fopen() with a "create temp file marked for delete" option.
    char *tfn;

    tfn = mktemp (filename);            /* Get unique name from template. */
    if (tfn == NULL)
      return NULL;
    return fopen (tfn, "w+", "fop=tmd");    /* Create auto-delete temp file. */
#else /* def __VMS */
  fd = mkostemp (filename, O_TEMPORARY);
  if (fd < 0)
    return NULL;

  if (unlink (filename) < 0)
      return NULL;

  return fdopen (fd, "wb+");
#endif /* def __VMS [else] */

/* Writes a request record to the WARC file.
   url  is the target uri of the request,
   timestamp_str  is the timestamp of the request (generated with warc_timestamp), 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.