alpine 3.9
tmpfile weakness #23

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

redland/src/redland-1.0.17/src/rdf_files.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 tmpfile weakness.

   if(!tmp_dir)
    tmp_dir="/tmp";

  length=strlen(tmp_dir) + strlen(file_template) + 2; /* 2: / sep and \/0 */
  
  name = LIBRDF_MALLOC(char*, length);
  if(!name)
    return NULL;

  /* FIXME: unix dependency - file/dir separator */
  sprintf(name, "%s/%s", tmp_dir, file_template);
  
#ifdef HAVE_MKSTEMP
  /* Proritise mkstemp() since GNU libc says: Never use mktemp(). */
  fd=mkstemp(name);
  if(fd<0) {
    LIBRDF_FREE(char*, name);
    return NULL;
  }
  close(fd);
  unlink(name);

  return name;  
#else
  return mktemp(name);
#endif

#else
#ifdef HAVE_TMPNAM
  /* GNU libc says: Never use this function. Use mkstemp(3) instead. */
  char *name;
  char *new_name;

  name=tmpnam(NULL); /* NULL ensures statically allocated */
  new_name = LIBRDF_MALLOC(char*, strlen(name) + 1);
  if(!new_name)
    return NULL;
  strcpy(new_name, name);

  return name;
#else /* not tmpnam(), mkstemp() or mktemp() */
HELP
#endif
#endif
}
#endif

#endif

 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.