centos 6
tmpfile weakness #15


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Centos 6 tmpfile weakness.

 * A couple of forward declarations that are needed on systems that do
 * not supply C runtime library prototypes.
#ifdef NO_PROTO
IZ_IMP char *strcpy();
IZ_IMP char *strcat();
IZ_IMP char *strrchr();
/* XXX use !defined(ZMEM) && !defined(__hpux__) ? */
#if !defined(ZMEM) && defined(NO_STRING_H)
IZ_IMP char *memset();
IZ_IMP char *memcpy();
#endif /* !ZMEM && NO_STRING_H */

/* XXX use !defined(__hpux__) ? */
#ifdef NO_STDLIB_H
IZ_IMP char *calloc();
IZ_IMP char *malloc();
IZ_IMP char *getenv();
IZ_IMP long atol();
#endif /* NO_STDLIB_H */

#ifndef NO_MKTEMP
IZ_IMP char *mktemp();
#endif /* !NO_MKTEMP */

#endif /* NO_PROTO */

 * SEEK_* macros, should be defined in stdio.h
/* Define fseek() commands */
#ifndef SEEK_SET
#  define SEEK_SET 0
#endif /* !SEEK_SET */

#ifndef SEEK_CUR
#  define SEEK_CUR 1
#endif /* !SEEK_CUR */

#ifndef FALSE
#  define FALSE 0

#ifndef TRUE
#  define TRUE 1

#ifdef NO_SIZE_T 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.