alpine 3.6
tmpfile weakness #97

4

Weakness Breakdown


Definition:

A temporary file weakness occurs when a temporary file that is created and used by a high-privilege process is accidentally shared with a low-privilege process, on account of it being temporary and generated after all security controls have been applied. This allows the low-privilege process to read data from the high-privilege process (information leakage), or worse, influence the high-privilege process by modifying the shared temporary file.

Warning code(s):

Temporary file race condition.

File Name:

twm/src/twm-1.0.9/src/session.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 tmpfile weakness.

 

#ifndef HAVE_MKSTEMP
static char *
unique_filename (
    const char *path,
    const char *prefix)
#else
static char *
unique_filename (
    const char *path,
    const char *prefix,
    int *pFd)
#endif

{
#ifndef HAVE_MKSTEMP
#ifndef X_NOT_POSIX
    return ((char *) tempnam (path, prefix));
#else
    char tempFile[PATH_MAX];
    char *tmp;

    snprintf (tempFile, sizeof(tempFile), "%s/%sXXXXXX", path, prefix);
    tmp = (char *) mktemp (tempFile);
    if (tmp)
	return strdup (tmp);
    else
	return (NULL);
#endif
#else
    char tempFile[PATH_MAX];
    char *ptr;

    snprintf (tempFile, sizeof(tempFile), "%s/%sXXXXXX", path, prefix);
    ptr = strdup (tempFile);
    if (ptr != NULL)
	*pFd = mkstemp (ptr);
    return ptr;
#endif
}



static void
SaveYourselfPhase2CB (SmcConn smcConn, SmPointer clientData)
{
    int scrnum;
    ScreenInfo *theScreen;
    TwmWindow *theWindow; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.