alpine 3.9
tmpfile weakness #72

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is unintentionally made accessible to a low-privilege process, because the file is temporary and is generated after all security controls have been applied. The low-privilege process can then read data belonging to the high-privilege process (information leakage) or, worse, influence the high-privilege process by modifying the shared temporary file. In the race-condition form reported below, the exposure is the gap between choosing the temporary file's name and actually creating the file.

Warning code(s):

Temporary file race condition.

File Name:

hylafax/src/hylafax-6.0.7/libhylafax/Sys.h

Context:

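The highlighted line of code below is the trigger point of this particular Alpine 3.9 tmpfile weakness. (The highlighting is not preserved in this listing; the wrappers in the excerpt that deal with temporary files are mktemp, mkstemp, mkdtemp and tmpfile.)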

 	{ ::execv(path, (const char**) argv); }
#else
	{ ::execv(path, argv); }
#endif
    // Replaces the current process image by forwarding path, argv and envp
    // to the C library's ::execve.
    // ::execve only returns when it fails; this wrapper returns void and drops
    // that -1, so any statement a caller places after this call is the
    // failure path and should terminate or report the error.
    static void execve(const char* path, char* const* argv, char* const* envp)
    {
#ifdef CONFIG_BADEXECVEPROTO
        // Presumably set when the platform declares execve with
        // "const char**" vectors; the casts adapt to that prototype.
        ::execve(path, (const char**) argv, (const char**) envp);
#else
        ::execve(path, argv, envp);
#endif
    }
    // Waits for child `pid` through ::waitpid and stores the wait status in
    // `status`. `options` is passed through unchanged (default 0).
    // Returns whatever ::waitpid returns, including -1 on error.
    static pid_t waitpid(pid_t pid, int& status, int options = 0)
    {
        const pid_t reaped = ::waitpid(pid, &status, options);
        return reaped;
    }
    // Waits for child `pid` with no options, discarding both the exit status
    // and ::waitpid's own return value, so callers cannot tell a reaped child
    // from a failed wait.
    static void waitpid(pid_t pid)
    {
        int* const noStatus = NULL;
        ::waitpid(pid, noStatus, 0);
    }

    // Parses the next command-line option by forwarding to the C library's
    // ::getopt and returning its result unchanged.
    static int getopt(int argc, char* const* argv, const char* optstring)
    {
#ifdef CONFIG_BADGETOPTPROTO
        // Presumably set when the platform prototype takes non-const
        // pointers; the casts only adapt the types.
        const int opt = ::getopt(argc, (char**) argv, (char*) optstring);
#else
        const int opt = ::getopt(argc, argv, optstring);
#endif
        return opt;
    }

    // Copies the host name into `name` via ::gethostname and returns its
    // result code.
    // `namelen` is an int here and is converted implicitly to the length type
    // of the library prototype, so callers must pass the real, positive size
    // of `name`.
    // NOTE(review): POSIX leaves it unspecified whether a truncated name is
    // NUL-terminated; callers should terminate the buffer themselves.
    static int gethostname(char* name, int namelen)
    {
        const int rc = ::gethostname(name, namelen);
        return rc;
    }

    // Thin pass-through to ::mktemp: `templ` is rewritten in place into a
    // candidate file name and the library's return value is handed back.
    // Nothing is created or opened here, so the name is only a guess that was
    // unused at the time of the call; another process can claim that path
    // before the caller opens it (the temporary file race condition).
    // Prefer mkstemp() or mkdtemp(), which create the object as part of the
    // same call.
    static char* mktemp(char* templ)
    {
        char* const candidate = ::mktemp(templ);
        return candidate;
    }

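    // Creates and opens a unique temporary file from `templ` (rewritten in
    // place by ::mkstemp) and returns its descriptor, or -1 on failure.
    // Creation and opening happen in one library call, so there is no window
    // between picking the name and creating the file.
    static int mkstemp(char* templ)	{
        int fd = ::mkstemp(templ);
        // Nothing was created on failure, so there is nothing to fix up.
        if (fd == -1)
            return -1;
#if defined __GLIBC__ && __GLIBC__ <= 2 && __GLIBC_MINOR__ <= 0
        // Hack for older versions of glibc which do not set the file
        // permissions correctly
        if (fchmod(fd, S_IRUSR | S_IWUSR) == -1) {
            // Do not leak the descriptor or leave a file with loose
            // permissions behind when tightening them fails. errno may now
            // reflect close/unlink rather than fchmod.
            ::close(fd);
            ::unlink(templ);
            return -1;
        }
#endif
        return fd;
    }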

    // Creates a uniquely named temporary directory by forwarding to
    // ::mkdtemp. `templ` is rewritten in place and the library's return value
    // is passed back (NULL on failure).
    // The directory is created by the call itself rather than merely named.
    static char* mkdtemp(char* templ)
    {
        char* const dirName = ::mkdtemp(templ);
        return dirName;
    }

    // Returns the stream produced by ::tmpfile (NULL on failure).
    // The library creates and opens the file in one step and the caller never
    // receives a path, so no file name is exposed for reuse.
    static FILE* tmpfile()
    {
        FILE* const stream = ::tmpfile();
        return stream;
    }
    // Opens `filename` with `mode` through ::fopen and returns the resulting
    // stream (NULL on failure).
    // This is a plain pass-through: it adds no exclusivity or symlink check,
    // so a path obtained from mktemp() must not be treated as known-new when
    // it is opened here.
    static FILE* fopen(const char* filename, const char* mode)
    {
        FILE* const stream = ::fopen(filename, mode);
        return stream;
    }

    static int getOpenMax();
};
#endif /* _Sys_ */ 
