alpine 3.8
tmpfile weakness #71

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

tcpflow/src/tcpflow-1.5.0/src/dfxml/src/dfxml_writer.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 tmpfile weakness.

 
// Implementation of mkstemp for windows found on pan-devel mailing
// list archive
// @http://www.mail-archive.com/pan-devel@nongnu.org/msg00294.html
#ifndef _S_IREAD
#define _S_IREAD 256
#endif

#ifndef _S_IWRITE
#define _S_IWRITE 128
#endif

#ifndef O_BINARY
#define O_BINARY 0
#endif

#ifndef _O_SHORT_LIVED
#define _O_SHORT_LIVED 0
#endif

#ifndef HAVE_MKSTEMP
int mkstemp(char *tmpl)
{
   int ret=-1;
   mktemp(tmpl);
   ret=open(tmpl,O_RDWR|O_BINARY|O_CREAT|O_EXCL|_O_SHORT_LIVED, _S_IREAD|_S_IWRITE);
   return ret;
}
#endif


#ifndef O_BINARY
#define O_BINARY 0
#endif

#ifndef _O_SHORT_LIVED
#define _O_SHORT_LIVED 0
#endif


//std::string dfxml_writer::xml_PRId32("%" PRId32); // gets around compiler bug
//std::string dfxml_writer::xml_PRIu32("%" PRIu32); // gets around compiler bug
//std::string dfxml_writer::xml_PRId64("%" PRId64); // gets around compiler bug
//std::string dfxml_writer::xml_PRIu64("%" PRIu64); // gets around compiler bug

static const char *cstr(const string &str){
    return str.c_str();
}

// XML escapes 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.