centos 6
tmpfile weakness #4

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

krb5-appl-1.0.1/gssftp/ftp/ftp_var.h

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 tmpfile weakness.

 	char	*c_name;	/* name of command */
	char	*c_help;	/* help string */
	char	c_bell;		/* give bell when command completes */
	char	c_conn;		/* must be connected to use command */
	char	c_proxy;	/* proxy server may execute */
	void	(*c_handler)();	/* function to call */
};

struct macel {
	char mac_name[9];	/* macro name */
	char *mac_start;	/* start of macro in macbuf */
	char *mac_end;		/* end of macro in macbuf */
};

extern int macnum;		/* number of defined macros */
extern struct macel macros[16];
extern char macbuf[4096];

#ifdef DEFINITIONS
#undef extern
#endif

extern	char *tail();
#ifndef _WIN32
extern	char *mktemp();
#endif

extern int command(char *, ...)
#if !defined(__cplusplus) && (__GNUC__ > 2)
    __attribute__((__format__(__printf__, 1, 2)))
#endif
    ;

char *remglob (char **, int);
int another (int *, char ***, char *);
void makeargv (void);
void setpeer (int, char **);
void setclevel (int, char **);
void setdlevel (int, char **);
void ccc (void);
void setclear (void);
void setsafe (void);
void setprivate (void);
void settype (int, char **);
void changetype (int, int);
void setbinary (void);
void setascii (void);
void settenex (void);
void set_mode  (int, char **);
void setform  (int, char **); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.