alpine 3.6
tmpfile weakness #76

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

xdm/src/xdm-1.1.11/config/Xsession.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

 XCOMM!SHELL_CMD
XCOMM

XCOMM redirect errors to a file in user's home directory if we can

errfile="$ HOME/.xsession-errors"
if ( umask 077 && cp /dev/null "$ errfile" 2> /dev/null )
then
	exec > "$ errfile" 2>&1
else
#ifdef MKTEMP_COMMAND
	mktemp=MKTEMP_COMMAND
	for errfile in "$ {TMPDIR-/tmp}/xses-$ USER" "/tmp/xses-$ USER"
	do
		if ef="$ ( umask 077 && $ mktemp "$ errfile.XXXXXX" 2> /dev/null)"
		then
			exec > "$ ef" 2>&1
			mv "$ ef" "$ errfile" 2> /dev/null
			break
		fi
	done
#else
XCOMM Since this system doesn't have a mktemp command to allow secure
XCOMM creation of files in shared directories, no fallback error log
XCOMM is being used.   See https://bugs.freedesktop.org/show_bug.cgi?id=5898
XCOMM
XCOMM 	for errfile in "$ {TMPDIR-/tmp}/xses-$ USER" "/tmp/xses-$ USER"
XCOMM	do
XCOMM		if ( umask 077 && cp /dev/null "$ errfile" 2> /dev/null )
XCOMM		then
XCOMM			exec > "$ errfile" 2>&1
XCOMM			break
XCOMM		fi
XCOMM	done

	exec > /dev/null 2>&1

#endif
fi

case $ # in
1)
	case $ 1 in
	failsafe)
		exec BINDIR/xterm -geometry 80x24-0-0
		;;
	esac
esac

XCOMM The startup script is not intended to have arguments. 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.