centos 6
tmpfile weakness #14


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Centos 6 tmpfile weakness.

 extern int wctomb();

extern size_t mbstowcs();
extern size_t wcstombs();

extern long a64l();
extern int dup2();
extern char *ecvt();
extern char *fcvt();
extern char *qecvt();
extern char *qfcvt();
extern char *qgcvt();
extern char *getcwd();
extern char *getlogin();
extern int getopt();
extern int getsubopt();
extern char *optarg;
extern int optind, opterr, optopt;
extern char *getpass();
extern int getpw();
extern char *gcvt();
extern int isatty();
extern char *l64a();
extern void *memalign();
extern char *mktemp();
extern int putenv();
extern char *realpath();
extern void setkey();
extern void swab();
extern char *ttyname();
extern int ttyslot();
extern void *valloc();
extern char *ptsname();
extern int  grantpt();
extern int  unlockpt();

extern double drand48();
extern double erand48();
extern long jrand48();
extern void lcong48();
extern long lrand48();
extern long mrand48();
extern long nrand48();
extern unsigned short *seed48();
extern void srand48();

extern long long atoll();
extern long long llabs();
extern lldiv_t lldiv(); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.