centos 7
tmpfile weakness #25

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file created and used by a high-privilege process is accidentally shared with a low-privilege process because, being temporary, it is generated after all security controls have been applied. This lets the low-privilege process read data from the high-privilege process (information leakage) or, worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

ocaml-4.05.0/yacc/main.c

Context:

The highlighted line of code below is the trigger point of this particular CentOS 7 tmpfile weakness.

int nitems;
int nrules;
int ntotalrules;
int nsyms;
int ntokens;
int nvars;

int   start_symbol;
char  **symbol_name;
short *symbol_value;
short *symbol_prec;
char  *symbol_assoc;
char **symbol_tag;
char *symbol_true_token;

short *ritem;
short *rlhs;
short *rrhs;
short *rprec;
char  *rassoc;
short **derives;
char *nullable;

#if !defined(HAS_MKSTEMP)
extern char *mktemp(char *);
#endif
#ifndef NO_UNIX
extern char *getenv(const char *);
#endif


void done(int k)
{
#ifdef HAS_MKSTEMP
    if (action_fd != -1)
       unlink(action_file_name);
    if (entry_fd != -1)
       unlink(entry_file_name);
    if (text_fd != -1)
       unlink(text_file_name);
    if (union_fd != -1)
       unlink(union_file_name);
#else
    if (action_file) { fclose(action_file); unlink(action_file_name); }
    if (entry_file) { fclose(entry_file); unlink(entry_file_name); }
    if (text_file) { fclose(text_file); unlink(text_file_name); }
    if (union_file) { fclose(union_file); unlink(union_file_name); }
#endif
    if (output_file && k > 0) {
      fclose(output_file); unlink(output_file_name); 
