Programs that create files in world-writable shared directories can frequently be exploited to overwrite protected system files. For example, an attacker who can predict the name of a file created by a privileged program can create a symbolic link (with the same name as the file used by the program) to point to a protected system file. Unless the privileged program is coded securely, the program will follow the symbolic link instead of opening or creating the file that it is supposed to be using. As a result, the protected system file referenced by the symbolic link can be overwritten when the program is executed. To ensure that the name of the temporary file does not conflict with a preexisting file and that it cannot be guessed before the program is run, temporary files must be created with unique and unpredictable filenames.
...
The following non-compliant code creates some_file in the /tmp directory. The name is hard coded and is thus neither unique nor unpredictable.
```c
FILE *fp = fopen("/tmp/some_file", "w");
```
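The contrast between the hard-coded name and a unique, unpredictable one, as an added example that is not part of the original page. It runs entirely inside a private scratch directory created with mkdtemp(); the file names, contents and the function protected_size_after are constructed for illustration, and POSIX mkstemp() is used as one way to obtain such a name (the page itself does not name a function).

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp, mkstemp, symlink */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* In a private scratch directory (constructed stand-in for a shared /tmp),
 * create a 9-byte "protected" file and a symlink to it at the predictable
 * name some_file, then write 7 bytes of temporary data either through the
 * hard-coded name (use_mkstemp == 0) or through a name chosen by mkstemp().
 * Returns the protected file's size afterwards, or -1 on setup failure. */
long protected_size_after(int use_mkstemp) {
    char dir[] = "/tmp/symlink_demo_XXXXXX";
    char target[64], fixed[64], tmpl[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(fixed, sizeof fixed, "%s/some_file", dir);
    snprintf(tmpl, sizeof tmpl, "%s/some_file.XXXXXX", dir);
    FILE *t = fopen(target, "w");
    if (t == NULL) return -1;
    fputs("important", t);                        /* 9 bytes */
    fclose(t);
    if (symlink(target, fixed) != 0) return -1;   /* name known in advance */
    if (use_mkstemp) {
        int fd = mkstemp(tmpl);   /* unique name, opened with O_CREAT|O_EXCL */
        if (fd < 0) return -1;
        if (write(fd, "scratch", 7) != 7) return -1;
        close(fd);
        unlink(tmpl);
    } else {
        FILE *fp = fopen(fixed, "w");   /* follows the link, truncates target */
        if (fp == NULL) return -1;
        fputs("scratch", fp);
        fclose(fp);
    }
    long n = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(fixed); unlink(target); rmdir(dir);
    return n;
}

int main(void) {
    printf("hard-coded name: protected file is %ld bytes\n", protected_size_after(0));
    printf("mkstemp name:    protected file is %ld bytes\n", protected_size_after(1));
    return 0;
}
```

With the hard-coded name the protected file ends up holding the 7 bytes of temporary data; with the mkstemp() name it keeps its original 9 bytes.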
...