Fedora 25 tmpfile weakness #1

Weakness Breakdown
Definition:

A temporary file weakness occurs when a temporary file created and used by a high-privilege process is unintentionally accessible to a low-privilege process. This happens because the file is temporary and is generated after all security controls have been applied, so it is not covered by them. The low-privilege process can then read data belonging to the high-privilege process (information leakage) or, worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

bitmap-1.0.8/bmtoa.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 tmpfile weakness.

 other dealings in this Software without prior written authorization
from The Open Group.

*/

/*
 * bmtoa - bitmap to ascii filter
 * Author:  Jim Fulton, MIT X Consortium
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>
#include <X11/Xlib.h>
#include <X11/Xutil.h>
#include <X11/Xos.h>

#include <X11/Xmu/Drawing.h>

#include <stdlib.h>
#include <unistd.h>
#ifndef HAVE_MKSTEMP
extern char *mktemp();
#endif

static char *ProgramName;

static void print_scanline (unsigned int width, unsigned int height,
			    unsigned const char *data, const char *chars);

static void _X_NORETURN
usage (void)
{
    fprintf (stderr, "usage:  %s [-options ...] [filename]\n\n%s\n",
	     ProgramName,
	"where options include:\n"
	"    -chars cc        chars to use for 0 and 1 bits, respectively\n");
    exit (1);
}

static char *
copy_stdin (void)
{
#ifdef WIN32
    static char tmpfilename[] = "/temp/bmtoa.XXXXXX";
#else
    static char tmpfilename[] = "/tmp/bmtoa.XXXXXX";
#endif 