Fedora 25
tmpfile weakness #1


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is unintentionally shared with a low-privilege process, because the file is temporary and is generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage) or, worse, to influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 25 tmpfile weakness.

/*
 * other dealings in this Software without prior written authorization
 * from The Open Group.
 */

/*
 * bmtoa - bitmap to ascii filter
 * Author:  Jim Fulton, MIT X Consortium
 */

# include "config.h"

#include <stdio.h>
#include <X11/Xlib.h>
#include <X11/Xutil.h>
#include <X11/Xos.h>

#include <X11/Xmu/Drawing.h>

#include <stdlib.h>
#include <unistd.h>
extern char *mktemp();

static char *ProgramName;

static void print_scanline (unsigned int width, unsigned int height,
			    unsigned const char *data, const char *chars);

static void _X_NORETURN
usage (void)
{
    fprintf (stderr, "usage:  %s [-options ...] [filename]\n\n%s\n",
	ProgramName,
	"where options include:\n"
	"    -chars cc        chars to use for 0 and 1 bits, respectively\n");
    exit (1);
}

static char *
copy_stdin (void)
{
#ifdef WIN32
    static char tmpfilename[] = "/temp/bmtoa.XXXXXX";
#else
    static char tmpfilename[] = "/tmp/bmtoa.XXXXXX";
#endif
