alpine 3.9
tmpfile weakness #29


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.9 tmpfile weakness.


/*
 * Check if the given anchor has an associated file-cache.
 */
BOOLEAN LYCachedTemp(char *target,
		     char **cached)
{
    BOOLEAN result = FALSE;

    if (*cached) {
	LYStrNCpy(target, *cached, LY_MAXPATH);
	if (LYCanReadFile(target)) {
	    if (remove(target) != 0) {
		CTRACE((tfp, "cannot remove %s\n", target));
	    }
	}
	result = TRUE;
    }
    return result;
}

#define mkdtemp(path) ((mktemp(path) != 0) && (mkdir(path, 0700) == 0))

/*
 * Open a temp-file, ensuring that it is unique, and not readable by other
 * users.
 * The mode can be one of: "w", "a", "wb".
 */
FILE *LYOpenTemp(char *result,
		 const char *suffix,
		 const char *mode)
{
    FILE *fp = 0;
    BOOL txt = TRUE;
    char wrt = 'r';
    LY_TEMP *p;

    CTRACE((tfp, "LYOpenTemp(,%s,%s)\n", suffix, mode));
    if (result == 0)
	return 0;

    while (*mode != '\0') {
	switch (*mode++) {
	case 'w':
	    wrt = 'w'; 
