Creation of Temporary File With Insecure Permissions

Draft Base
Structure: Simple
Description

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Common Consequences 3
Scope: Confidentiality

Impact: Read Application Data

If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed.

Scope: Authorization, Other

Impact: Other

If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.

Scope: Integrity, Other

Impact: Other

Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.

Potential Mitigations 3
Phase: Requirements
Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Phase: Implementation
Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.
Phase: Implementation
Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.
Demonstrative Examples 1

ID : DX-139

In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.

Code Example:

Bad
C

// write data to tmp file
...
// remove tmp file
rmtmp();

However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.

Code Example:

Bad
Java
Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.
Additionally, both methods used above place the file into a default directory. On UNIX systems the default directory is usually "/tmp" or "/var/tmp" and on Windows systems the default directory is usually "C:\Windows\Temp", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file.
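A hardened counterpart to the C example above, applying both Implementation mitigations (owner-only permissions and a randomized name) with POSIX mkstemp(). This is an added example, not part of the original entry; the helper names create_private_tmp and private_tmp_mode and the "app-XXXXXX" template are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* declares mkstemp() under strict -std= modes */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a private temp file under dir; returns fd or -1. */
int create_private_tmp(const char *dir)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/app-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    /* mkstemp() picks a random name and opens with O_CREAT|O_EXCL, so it never
     * reuses an existing file. The umask covers old libcs that used mode 0666. */
    mode_t old = umask(077);
    int fd = mkstemp(path);
    umask(old);
    if (fd < 0)
        return -1;
    unlink(path); /* drop the name; the data is now reachable only through fd */
    /* Verify the result: regular file, owned by us, no group/other bits. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of a freshly created temp file in dir, or -1 on failure. */
int private_tmp_mode(const char *dir)
{
    struct stat st;
    int fd = create_private_tmp(dir);
    if (fd < 0)
        return -1;
    int rc = fstat(fd, &st);
    close(fd);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    printf("mode: %o\n", (unsigned)private_tmp_mode("/tmp"));
    return 0;
}
```
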
Observed Examples 1
CVE-2022-24823: A network application framework uses the Java function createTempFile(), which will create a file that is readable by other local users of the system
References 1
The CLASP Application Security Process
Secure Software, Inc.
2005
ID: REF-18
Likelihood of Exploit

High

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
Taxonomy Mapping
  • CLASP