alpine 3.7
tmpfile weakness #28

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

php7-apcu/src/apcu-5.1.11/apc_lock.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 tmpfile weakness.

 # endif
#endif
#endif
} /* }}} */

PHP_APCU_API zend_bool apc_lock_create(apc_lock_t *lock) {
#ifndef PHP_WIN32
# ifndef APC_SPIN_LOCK
#   ifndef APC_FCNTL_LOCK
#       ifdef APC_LOCK_RECURSIVE
			{
				pthread_mutex_init(lock, &apc_lock_attr);
				return 1;
			}
#       else
			{
				/* Native */
				return (pthread_rwlock_init(lock, &apc_lock_attr)==SUCCESS);
			}
#       endif
# else
	{
		/* FCNTL */
		char lock_path[] = "/tmp/.apc.XXXXXX";
		mktemp(
			lock_path);
		(*lock) = open(lock_path, O_RDWR|O_CREAT, 0666);
		if((*lock) > 0 ) {
			unlink(
				lock_path);
			return 1;
		} else {
			return 0;
		}
	}
# endif
#else
	{
		/* SPIN */
		lock->state = 0;
		return 1;
	}

#endif
#else
	lock = (apc_lock_t *)apc_windows_cs_create((apc_windows_cs_rwlock_t *)lock);

	return (NULL != lock);
#endif
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.