centos 6
tmpfile weakness #53

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

glibc-2.12-2-gc4ccff1/dirent/opendir-tst1.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 tmpfile weakness.

   if (dirp != NULL)
    {
      /* Oh, oh, how can this work?  */
      fputs ("'opendir' succeeded on a FIFO???\n", stdout);
      closedir (dirp);
      return 1;
    }

  if (errno != ENOTDIR)
    {
      fprintf (stdout, "'opendir' return error '%s' instead of '%s'\n",
	       strerror (errno), strerror (ENOTDIR));
      return 1;
    }

  return 0;
}


static int
do_test (int argc, char *argv[])
{
  int retval;

  if (mktemp (tmpname) == NULL)
    {
      perror ("mktemp");
      return 1;
    }

  /* Try to generate a FIFO.  */
  if (mknod (tmpname, 0600 | S_IFIFO, 0) < 0)
    {
      perror ("mknod");
      /* We cannot make this an error.  */
      return 0;
    }

  retval = real_test ();

  remove (tmpname);

  return retval;
}


static void
do_cleanup (void)
{
  remove (tmpname); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.