alpine 3.8
tmpfile weakness #67


Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process can be reached by a low-privilege process, typically because the file lives in a shared directory, its name is predictable, and it is created after the process's other security controls have already been applied. This lets the low-privilege process read data belonging to the high-privilege process (information leakage) or, worse, influence the high-privilege process by pre-creating, symlinking, or modifying the shared temporary file before it is used.

Warning code(s):

Temporary file race condition (use of mktemp(3), which generates a temporary file name without creating the file, leaving a window between name generation and first use).

File Name:

nx-libs/src/nx-libs-3.5.0.32/nx-X11/programs/Xserver/xkb/ddxList.c

Context:

The highlighted line of code below, `(void) mktemp(tmpname);`, is the trigger point of this particular Alpine 3.8 tmpfile weakness. mktemp(3) only fills in the `XXXXXX` template; it does not create or open the file, so another local process that can guess the name can create or symlink it in the temporary directory before the server first opens it. The usual fix is mkstemp(3), which atomically creates and opens the file with `O_EXCL`, combined with unlinking it as soon as it is no longer needed. The return value of mktemp() is also discarded here, so a failure to generate a name would go unnoticed. Note that this call, and the W32_tmparg/W32_tmpfile fragments appended to the xkbcomp command string a few lines later, are compiled only under `#ifdef WIN32`; an Alpine Linux build does not compile this block, so as shown the finding is not reachable on this platform. The excerpt starts and ends inside the enclosing function, and the code that actually runs the built command string is not shown.

 Bool	haveDir;
#ifdef WIN32
char	tmpname[PATH_MAX];
#endif

    if ((list->pattern[what]==NULL)||(list->pattern[what][0]=='\0'))
	return Success;
    file= list->pattern[what];
    map= strrchr(file,'(');
    if (map!=NULL) {
	char *tmp;
	map++;
	tmp= strrchr(map,')');
	if ((tmp==NULL)||(tmp[1]!='\0')) {
	    /* illegal pattern.  No error, but no match */
	    return Success;
	}
    }

    in= NULL;
    haveDir= True;
#ifdef WIN32
    strcpy(tmpname, Win32TempDir());
    strcat(tmpname, "\\xkb_XXXXXX");
    (void) mktemp(tmpname);
#endif
    if (XkbBaseDirectory!=NULL) {
	if ((list->pattern[what][0]=='*')&&(list->pattern[what][1]=='\0')) {
	    buf = Xprintf("%s/%s.dir",XkbBaseDirectory,componentDirs[what]);
	    in= fopen(buf,"r");
	    xfree (buf);
	    buf = NULL;
	}
	if (!in) {
	    haveDir= False;
	    buf = Xprintf(
		"'%s/xkbcomp' '-R%s/%s' -w %ld -l -vlfhpR '%s'" W32_tmparg,
                XkbBinDirectory,XkbBaseDirectory,componentDirs[what],(long)
		((xkbDebugFlags<2)?1:((xkbDebugFlags>10)?10:xkbDebugFlags)),
		file W32_tmpfile
                );
	}
    }
    else {
	if ((list->pattern[what][0]=='*')&&(list->pattern[what][1]=='\0')) {
	    buf = Xprintf("%s.dir",componentDirs[what]);
	    in= fopen(buf,"r");
	    xfree (buf);
	    buf = NULL;
	} 
