alpine 3.9
tmpfile weakness #16


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.9 tmpfile weakness.

 		do {
			ssize_t count = write(fd_out, buf + written, n - written);
			if (count == -1) {
				if (errno != EAGAIN && errno != EINTR) {
					fatal("Failed to copy fd");
			} else {
				written += count;
		} while (written < n);


// Cheap and nasty mkstemp replacement.
mkstemp(char *template)
#ifdef __GNUC__
	#pragma GCC diagnostic push
	#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#ifdef __GNUC__
	#pragma GCC diagnostic pop
	return open(template, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);

#ifndef _WIN32
static mode_t
	static bool mask_retrieved = false;
	static mode_t mask;
	if (!mask_retrieved) {
		mask = umask(0);
		mask_retrieved = true;
	return mask;

// Copy src to dest, decompressing src if needed. compress_level > 0 decides
// whether dest will be compressed, and with which compression level. Returns 0
// on success and -1 on failure. On failure, errno represents the error. 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.