alpine 3.8
tmpfile weakness #10

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

perl/src/perl-5.26.3/iperlsys.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 tmpfile weakness.

 #define PerlLIO_chmod(file, mode)	chmod((file), (mode))
#define PerlLIO_chown(file, owner, grp)	chown((file), (owner), (grp))
#if defined(HAS_TRUNCATE)
#  define PerlLIO_chsize(fd, size)	ftruncate((fd), (size))
#elif defined(HAS_CHSIZE)
#  define PerlLIO_chsize(fd, size)	chsize((fd), (size))
#else
#  define PerlLIO_chsize(fd, size)	my_chsize((fd), (size))
#endif
#define PerlLIO_close(fd)		close((fd))
#define PerlLIO_dup(fd)			dup((fd))
#define PerlLIO_dup2(fd1, fd2)		dup2((fd1), (fd2))
#define PerlLIO_flock(fd, op)		FLOCK((fd), (op))
#define PerlLIO_fstat(fd, buf)		Fstat((fd), (buf))
#define PerlLIO_ioctl(fd, u, buf)	ioctl((fd), (u), (buf))
#define PerlLIO_isatty(fd)		isatty((fd))
#define PerlLIO_link(oldname, newname)	link((oldname), (newname))
#define PerlLIO_lseek(fd, offset, mode)	lseek((fd), (offset), (mode))
#define PerlLIO_stat(name, buf)		Stat((name), (buf))
#ifdef HAS_LSTAT
#  define PerlLIO_lstat(name, buf)	lstat((name), (buf))
#else
#  define PerlLIO_lstat(name, buf)	PerlLIO_stat((name), (buf))
#endif
#define PerlLIO_mktemp(file)		mktemp((file))
#define PerlLIO_mkstemp(file)		mkstemp((file))
#define PerlLIO_open(file, flag)	open((file), (flag))
#define PerlLIO_open3(file, flag, perm)	open((file), (flag), (perm))
#define PerlLIO_read(fd, buf, count)	read((fd), (buf), (count))
#define PerlLIO_rename(old, new)	rename((old), (new))
#define PerlLIO_setmode(fd, mode)	setmode((fd), (mode))
#define PerlLIO_tmpnam(str)		tmpnam((str))
#define PerlLIO_umask(mode)		umask((mode))
#define PerlLIO_unlink(file)		unlink((file))
#define PerlLIO_utime(file, time)	utime((file), (time))
#define PerlLIO_write(fd, buf, count)	write((fd), (buf), (count))

#endif	/* PERL_IMPLICIT_SYS */

/*
    Interface for perl memory allocation
*/

#if defined(PERL_IMPLICIT_SYS)

/* IPerlMem		*/
struct IPerlMem;
struct IPerlMemInfo;
typedef void*		(*LPMemMalloc)(struct IPerlMem*, size_t);
typedef void*		(*LPMemRealloc)(struct IPerlMem*, void*, size_t); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.