centos 6
tmpfile weakness #10

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

mvapich-1.2rc1/psm/mpe/profiling/wrappergen/system.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 tmpfile weakness.

 #include <pwd.h>
#endif
#include <ctype.h>
/*
   Here's an unpleasent fact.  On Intel systems, include-ipsc/sys/types.h 
   contains "typedef long time_t" and
   include/time.h contains "typedef long int time_t".  We can fix this by 
   defining __TIME_T after types.h is included.
 */
#include <sys/types.h>
#if defined(intelnx) && !defined(intelparagon) && !defined(__TIME_T)
#define __TIME_T
#endif
#include <sys/stat.h>
/* Here's an unpleasent fact.  On Intel systems, unistd contains REDEFINITIONS
   of SEEK_SET, SEEK_CUR, and SEEK_END that are not guarded (in fact, the 
   unistd.h file contains no guards against multiple inclusion!).  */
#if defined(intelnx) && !defined(intelparagon)
#undef SEEK_SET
#undef SEEK_CUR
#undef SEEK_END
#endif
#include <unistd.h>

extern char *mktemp();
extern char *getcwd();

/* WARNING - some systems don't have stdlib.h */
#if !defined(NOSTDHDR)
#include <stdlib.h>

#if defined(tc2000)
extern char *getenv();
#endif

#else
extern char *getenv();
#endif

#if defined(__MSDOS__)
typedef unsigned short u_short;
#endif
#if (defined(intelnx) && !defined(intelparagon)) || defined(__MSDOS__)
typedef u_short uid_t;
typedef u_short gid_t;
#endif

#ifndef __MSDOS__
/*@
   SYGetFullPath - Given a filename, return the fully qualified  

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.