alpine 3.6
tmpfile weakness #33

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

wine/src/wine-2.0.1/include/tchar.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

 #define _tctime       WINE_tchar_routine(ctime,           ctime,       _wctime)
#define _tenviron     WINE_tchar_routine(_environ,        _environ,    _wenviron)
#define _texecl       WINE_tchar_routine(execl,           _execl,      _wexecl)
#define _texecle      WINE_tchar_routine(execle,          _execle,     _wexecle)
#define _texeclp      WINE_tchar_routine(execlp,          _execlp,     _wexeclp)
#define _texeclpe     WINE_tchar_routine(execlpe,         _execlpe,    _wexeclpe)
#define _texecv       WINE_tchar_routine(execv,           _execv,      _wexecv)
#define _texecve      WINE_tchar_routine(execve,          _execve,     _wexecve)
#define _texecvp      WINE_tchar_routine(execvp,          _execvp,     _wexecvp)
#define _texecvpe     WINE_tchar_routine(execvpe,         _execvpe,    _wexecvpe)
#define _tfdopen      WINE_tchar_routine(fdopen,          _fdopen,     _wfdopen)
#define _tfinddata_t  WINE_tchar_routine(_finddata_t,     _finddata_t, _wfinddata_t)
#define _tfinddatai64_t WINE_tchar_routine(_finddatai64_t,_finddatai64_t,_wfinddatai64_t)
#define _tfindfirst   WINE_tchar_routine(_findfirst,      _findfirst,  _wfindfirst)
#define _tfindnext    WINE_tchar_routine(_findnext,       _findnext,   _wfindnext)
#define _tfopen       WINE_tchar_routine(fopen,           fopen,       _wfopen)
#define _tfreopen     WINE_tchar_routine(freopen,         freopen,     _wfreopen)
#define _tfsopen      WINE_tchar_routine(_fsopen,         _fsopen,     _wfsopen)
#define _tfullpath    WINE_tchar_routine(_fullpath,       _fullpath,   _wfullpath)
#define _tgetcwd      WINE_tchar_routine(getcwd,          _getcwd,     _wgetcwd)
#define _tgetenv      WINE_tchar_routine(getenv,          getenv,      _wgetenv)
#define _tmain        WINE_tchar_routine(main,            main,        wmain)
#define _tmakepath    WINE_tchar_routine(_makepath,       _makepath,   _wmakepath)
#define _tmkdir       WINE_tchar_routine(mkdir,           _mkdir,      _wmkdir)
#define _tmktemp      WINE_tchar_routine(mktemp,          _mktemp,     _wmktemp)
#define _tperror      WINE_tchar_routine(perror,          perror,      _wperror)
#define _topen        WINE_tchar_routine(open,            _open,       _wopen)
#define _totlower     WINE_tchar_routine(tolower,         _mbctolower, towlower)
#define _totupper     WINE_tchar_routine(toupper,         _mbctoupper, towupper)
#define _tpopen       WINE_tchar_routine(popen,           _popen,      _wpopen)
#define _tprintf      WINE_tchar_routine(printf,          printf,      wprintf)
#define _tremove      WINE_tchar_routine(remove,          remove,      _wremove)
#define _trename      WINE_tchar_routine(rename,          rename,      _wrename)
#define _trmdir       WINE_tchar_routine(rmdir,           _rmdir,      _wrmdir)
#define _tsearchenv   WINE_tchar_routine(_searchenv,      _searchenv,  _wsearchenv)
#define _tscanf       WINE_tchar_routine(scanf,           scanf,       wscanf)
#define _tsetlocale   WINE_tchar_routine(setlocale,       setlocale,   _wsetlocale)
#define _tsopen       WINE_tchar_routine(_sopen,          _sopen,      _wsopen)
#define _tspawnl      WINE_tchar_routine(_spawnl,         _spawnl,     _wspawnl)
#define _tspawnle     WINE_tchar_routine(_spawnle,        _spawnle,    _wspawnle)
#define _tspawnlp     WINE_tchar_routine(_spawnlp,        _spawnlp,    _wspawnlp)
#define _tspawnlpe    WINE_tchar_routine(_spawnlpe,       _spawnlpe,   _wspawnlpe)
#define _tspawnv      WINE_tchar_routine(_spawnv,         _spawnv,     _wspawnv)
#define _tspawnve     WINE_tchar_routine(_spawnve,        _spawnve,    _wspawnve)
#define _tspawnvp     WINE_tchar_routine(_spawnvp,        _spawnvp,    _tspawnvp)
#define _tspawnvpe    WINE_tchar_routine(_spawnvpe,       _spawnvpe,   _tspawnvpe)
#define _tsplitpath   WINE_tchar_routine(_splitpath,      _splitpath,  _wsplitpath)
#define _tstat        WINE_tchar_routine(_stat,           _stat,       _wstat)
#define _tstrdate     WINE_tchar_routine(_strdate,        _strdate,    _wstrdate)
#define _tstrtime     WINE_tchar_routine(_strtime,        _strtime,    _wstrtime) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.