CWE - CWE-378: Creation of Temporary File With Insecure Permissions (Draft 9)

Home > CWE List > CWE-378 Individual Dictionary Definition (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

CWE-378 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Draft

378 (Weakness Base)

Description

Summary

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Likelihood of Exploit

High

Common Consequences

Confidentiality: If the temporary file can be read, by the attacker, sensitive information may be in that file which could be revealed.

Authorization: If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.

Potential Mitigations

Tempfile creation should be done in a safe way. To be safe, the temp file function should open up the temp file with appropriate access control. The temp file function should also retain this quality, while being resistant to race conditions.

Requirements specification: Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.

Implementation: Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process which own the file.

Implementation: Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.

Demonstrative
Examples

C/C++ Example:

FILE *stream; char tempstring[] = "String to be written";
if( (stream = tmpfile()) == NULL ) {
perror("Could not open new temporary file\n");
return (-1);
}
/* write data to tmp file */
/* ... */
_rmtmp();

The temp file created in the above code is always readable and writable by all users.

Java Example:

try {
  File temp = File.createTempFile("pattern", ".suffix");
  temp.deleteOnExit();
  BufferedWriter out = new BufferedWriter(new FileWriter(temp));
  out.write("aString");
  out.close();
}
catch (IOException e) { }

This temp file is readable by all users.

Context Notes

Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.

Relationships

Nature	Type	ID	Name
ChildOf	Category	376	Temporary File Issues
ChildOf	Category	275	Permission Issues

Source Taxonomies

CLASP - Improper temp file opening

Applicable Platforms

All

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us