Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

sles 15.1
tmpfile weakness #13

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

gcc-8.2.1+r264010/gcc/ada/cio.c

Context:

The highlighted line of code below is the trigger point of this particular Sles 15.1 tmpfile weakness.

 
void
put_char (int c)
{
#ifdef RTX
  RtPrintf ("%c", c);
#else
  putchar (c);
#endif
}

void
put_char_stderr (int c)
{
#ifdef RTX
  RtPrintf ("%c", c);
#else
  fputc (c, stderr);
#endif
}

#ifdef __vxworks

char *
mktemp (char *template)
{
#if !(defined (__RTP__) || defined (VTHREADS))
  static char buf[L_tmpnam]; /* Internal buffer for name */

  /* If parameter is NULL use internal buffer */
  if (template == NULL)
    template = buf;

  __gnat_tmp_name (template);
  return template;
#else
  return tmpnam (NULL);
#endif
}
#endif

#ifdef __cplusplus
}
#endif 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.