alpine 3.6
tmpfile weakness #34

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

cvs/src/cvs-1.11.23/emx/filesubr.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

 	free (buf1);
	free (buf2);
    }
	
    (void) close (fd1);
    (void) close (fd2);
    return (ret);
}


/* Just in case this implementation does not define this.  */
#ifndef L_tmpnam
#define	L_tmpnam 50
#endif


#ifdef LOSING_TMPNAM_FUNCTION
char *
cvs_temp_name ()
{
    char value[L_tmpnam + 1];

    /* FIXME: Should be using TMPDIR.  */
    strcpy (value, "/tmp/cvsXXXXXX");
    mktemp (value);
    return xstrdup (value);
}
#else
/* Generate a unique temporary filename.  Returns a pointer to a newly
   malloc'd string containing the name.  Returns successfully or not at
   all.  */
char *
cvs_temp_name ()
{
    char value[L_tmpnam + 1];
    char *retval;

    /* FIXME: should be using TMPDIR, perhaps by using tempnam on systems
       which have it.  */
    retval = tmpnam (value);
    if (retval == NULL)
	error (1, errno, "cannot generate temporary filename");
    return xstrdup (retval);
}
#endif



/* char *
 * xresolvepath ( const char *path ) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.