Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
tmpfile weakness #1


Weakness Breakdown


A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:



The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 tmpfile weakness.

 int	getrlimit(int, struct rlimit *);
int	getsockname(int, struct sockaddr *, int *);
int	getsockopt(int, int, int, char *, int *);
#ifdef __STDC__
struct	timeval;
struct	timezone;
int	gettimeofday(struct timeval *, struct timezone *);
char	*getusershell(void);
char	*getwd(char *);
int	initgroups(const char *, int);
int	ioctl(int, int, caddr_t);
int	iruserok(u_long, int, char *, char *);
int	isatty(int);
int	killpg(int, int);
int	listen(int, int);
#ifdef __STDC__
struct	utmp;
void	login(struct utmp *);
int	logout(const char *);
off_t	lseek(int, off_t, int);
int	lstat(const char *, struct stat *);
int	mkstemp(char *);
char	*mktemp(char *);
int	munmap(caddr_t, int);
void	openlog(const char *, int, int);
void	perror(const char *);
int	printf(const char *, ...);
int	puts(const char *);
long	random(void);
int	readlink(const char *, char *, int);
#ifdef __STDC__
struct	iovec;
int	readv(int, struct iovec *, int);
int	recv(int, char *, u_int, int);
int	recvfrom(int, char *, u_int, int, struct sockaddr *, int *);
int	rename(const char *, const char *);
int	rcmd(char **, u_short, char *, char *, char *, int *);
int	rresvport(int *);
int	send(int, char *, u_int, int);
int	sendto(int, char *, u_int, int, struct sockaddr *, int);
int	setenv(const char *, const char *, int);
int	seteuid(int);
int	setpriority(int, int, int);
int	select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
int	setpgrp(int, int);
void	setpwent(void);
int	setrlimit(int, struct rlimit *); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.