alpine 3.6
tmpfile weakness #36

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file created and used by a high-privilege process is accidentally shared with a low-privilege process, because the file is temporary and is generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage) or, worse, to influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

lynx/src/lynx2-8-8/src/Xsystem.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

  *
 * Revision 1.13  1992/02/24  06:59:13  serow
 * *** empty log message ***
 *
 * Revision 1.12  1991/04/09  08:48:20  serow
 * ignore new line at command line tail
 *
 * Revision 1.11  1991/03/12  07:12:50  serow
 * CMDLINE
 *
 * Revision 1.10  91/02/24  05:10:14  serow
 * 2>&1
 *
 * Revision 1.9  91/02/22  07:01:17  serow
 * NEAR for ms-c
 *
 */
#include <LYUtils.h>
#include <LYStrings.h>
#include <LYGlobalDefs.h>

#ifdef DOSPATH
#include <io.h>
#else
extern char *mktemp(char *);
#endif

#ifndef USECMDLINE
#define USECMDLINE	0
#endif

#ifndef TRUE
#define TRUE	1
#define FALSE	0
#endif

#define	TABLESIZE(v)	(sizeof(v)/sizeof(v[0]))

#define STR_MAX 512		/* MAX command line */

#define isk1(c)  ((0x81 <= UCH(c) && UCH(c) <= 0x9F) || (0xE0 <= UCH(c) && UCH(c) <= 0xFC))
#define isq(c)   ((c) == '"')
#define isspc(c) ((c) == ' ' || (c) == '\t')
#define issep(c) (isspc(c) || (c) == '"' || (c) == '\'' || (c) == '<' || (c) == '>' || (c) == 0)
#define issep2(c) (issep(c) || (c) == '.' || (c) == '\\' || (c) == '/')
#define isdeg(c) ('0' <= (c) && (c) <= '9')

#ifndef NEAR
#if 0				/* MS-C */
#define NEAR	_near 
