alpine 3.6
tmpfile weakness #43


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

         if (len + strlen("lhXXXXXX") < sizeof(temporary_name))
            /* use directory at archive file */
            strcpy(s, "lhXXXXXX"); /* ok */
            /* use current directory */
            str_safe_copy(temporary_name, "lhXXXXXX", sizeof(temporary_name));
        /* use current directory */
        str_safe_copy(temporary_name, "lhXXXXXX", sizeof(temporary_name));
        int old_umask, fd;

        old_umask = umask(077);
        fd = mkstemp(temporary_name);
        return fd;
        int flags;

        flags = O_CREAT|O_EXCL|O_RDWR;
#ifdef O_BINARY
        flags |= O_BINARY;
        return open(temporary_name, flags, 0600);

/* ------------------------------------------------------------------------ */
static void
modify_filename_extention(buffer, ext, size)
    char           *buffer;
    char           *ext;
    size_t size;
    register char  *p, *dot;

    for (p = buffer, dot = (char *) 0; *p; p++) {
        if (*p == '.')
            dot = p;
        else if (*p == '/')
            dot = (char *) 0;

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.