A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.
Temporary file race condition.
The highlighted line of code below is the trigger point of this particular Centos 6 tmpfile weakness.
#include <pwd.h> #endif #include <ctype.h> /* Here's an unpleasent fact. On Intel systems, include-ipsc/sys/types.h contains "typedef long time_t" and include/time.h contains "typedef long int time_t". We can fix this by defining __TIME_T after types.h is included. */ #include <sys/types.h> #if defined(intelnx) && !defined(intelparagon) && !defined(__TIME_T) #define __TIME_T #endif #include <sys/stat.h> /* Here's an unpleasent fact. On Intel systems, unistd contains REDEFINITIONS of SEEK_SET, SEEK_CUR, and SEEK_END that are not guarded (in fact, the unistd.h file contains no guards against multiple inclusion!). */ #if defined(intelnx) && !defined(intelparagon) #undef SEEK_SET #undef SEEK_CUR #undef SEEK_END #endif #include <unistd.h> extern char *mktemp(); extern char *getcwd(); /* WARNING - some systems don't have stdlib.h */ #if !defined(NOSTDHDR) #include <stdlib.h> #if defined(tc2000) extern char *getenv(); #endif #else extern char *getenv(); #endif #if defined(__MSDOS__) typedef unsigned short u_short; #endif #if (defined(intelnx) && !defined(intelparagon)) || defined(__MSDOS__) typedef u_short uid_t; typedef u_short gid_t; #endif #ifndef __MSDOS__ /*@ SYGetFullPath - Given a filename, return the fully qualified