centos 7
tmpfile weakness #29

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

ntp-4.2.6p5/ports/winnt/include/config.h

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 tmpfile weakness.

 #define fdopen		_fdopen
#define read		_read
#define open		_open
#ifndef close
#define close		_close
#endif
#define write		_write
#define strdup		_strdup
#define stat		_stat		/*struct stat from  <sys/stat.h> */
#define fstat		_fstat
#define unlink		_unlink
/*
 * punt on fchmod on Windows
 */
#define fchmod(x,y)	{}
#define lseek		_lseek
#define pipe		_pipe
#define dup2		_dup2
/*
 * scale, unix sleep is seconds, Windows Sleep is msec
 */
#define sleep(x)	Sleep((unsigned)(x) * 1000)
#define fileno		_fileno
#define isatty		_isatty
#define mktemp		_mktemp
#define getpid		_getpid
#define timegm		_mkgmtime

typedef int pid_t;		/* PID is an int */
typedef int ssize_t;		/* ssize is an int */
typedef __int32 int32_t;	/* define a typedef for int32_t */
#define HAVE_INT32_T   1

/*
 * Map the stream to the file number
 */
#define STDOUT_FILENO	_fileno(stdout)
#define STDERR_FILENO	_fileno(stderr)

/*
 * To minimize Windows-specific changes to the rest of the NTP code,
 * particularly reference clocks, ntp_stdlib.h will
 *
 * #define strerror(e) ntp_strerror(e)
 *
 * to deal with our mixture of C runtime (open, write) and Windows
 * (sockets, serial ports) error codes.  This is an ugly hack because
 * both use the lowest values differently, but particularly for ntpd,
 * it's not a problem.
 */ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.