critical impact:
mktemp - temp file security vulnerabilities (CrCh154)
Problem description
Some Tru64 UNIX mktemp functionality does not exist on HP-UX.
The mktemp utility makes a name that is suitable for use as the pathname of a temporary file, and writes that name to the standard output.
The Tru64 UNIX version of mktemp addresses the temp file security vulnerabilities that are inherent on HP-UX.
The syntax of the mktemp utility on Tru64 UNIX is:
mktemp [-dqt] [-p prefix_directory] [template]
The current syntax of the mktemp utility on HP-UX is:
mktemp [-c] [-d directory_name] [-p prefix]
You can use the following options with the mktemp utility on Tru64 UNIX. These options are not available with the HP-UX version of the mktemp utility.
- The -q option that fails silently if an error occurs.
- The -t option that creates a directory or file whose path prefix is as follows (in highest to lowest order of precedence):
- The value of the TMPDIR environment variable
- The argument to the -p option
- /tmp
Identifiers
 mktemp |
|
|
|
|
|
See also
Solution description
Review your code and the applicable manpages to determine how to resolve this issue.
If you are developing applications sensitive to security issues as noted here, consider using open source implementations of mktemp that address the temp file security vulnerabilities.
See also
Problem summary
| classifications |
source types |
OS release |
severity |
type |
| CMD |
Script |
any HP-UX 11i version |
critical |
changed |
|
