alpine 3.6
tmpfile weakness #26

Creating and using insecure temporary files.

2

Weakness Breakdown


Warning code(s):

Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library.

File Name:

./src/Linux-PAM-1.2.1/modules/pam_pwhistory/opasswd.c

Context:
newpf_fd = mkstemp (opasswd_tmp);

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.