alpine 3.6
tmpfile weakness #63

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

php7-apcu/src/apcu-5.1.8/apc_lock.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

 # endif
#endif
#endif
} /* }}} */

PHP_APCU_API zend_bool apc_lock_create(apc_lock_t *lock) {
#ifndef PHP_WIN32
# ifndef APC_SPIN_LOCK
#   ifndef APC_FCNTL_LOCK
#       ifdef APC_LOCK_RECURSIVE
	        {
		        pthread_mutex_init(lock, &apc_lock_attr);
		        return 1;
	        }
#       else
	        {
		        /* Native */
		        return (pthread_rwlock_init(lock, &apc_lock_attr)==SUCCESS);
	        }
#       endif
# else
    {
        /* FCNTL */
        char lock_path[] = "/tmp/.apc.XXXXXX";
        mktemp(lock_path);
        (*lock) = open(lock_path, O_RDWR|O_CREAT, 0666);
        if((*lock) > 0 ) {
            unlink(lock_path);
            return 1;
        } else {
            return 0;
        }
    }
# endif
#else
    {
        /* SPIN */
        lock->state = 0;
        return 1;
    }
    
#endif
#else
	lock = (apc_lock_t *)apc_windows_cs_create((apc_windows_cs_rwlock_t *)lock);

	return (NULL != lock);
#endif
} 
