GetTempPath is insecure #6701

luke-jr opened this issue on September 20, 2015
  1. luke-jr commented at 3:05 AM on September 20, 2015: member

    A number of standards (C89, POSIX, etc) had similar functions and people quickly learned it is not secure to generate temporary filenames until they are confirmed created (not merely opened). For example, an attacker may create symlinks in a race pointing to an arbitrary file the user owns that he wishes to corrupt. Boost may guarantee a unique filename, but there is a split-second before we open that file for an attacker to set up a link.

    This was fixed by mkstemp which ensures the file is newly created securely. We should do something similar.

  2. laanwj added the label Bug on Sep 22, 2015
  3. fanquake commented at 7:48 AM on June 22, 2016: member

    Should have been closed by #7667?

  4. MarcoFalke closed this on Jun 22, 2016

  5. laanwj commented at 9:04 AM on June 22, 2016: member

    Well we still use the function, albeit only in testing. Deliberately interfering with test results on a multi-user system is such a minor concern I agree it doesn't really warrant keeping open an issue.

  6. MarcoFalke locked this on Sep 8, 2021
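
The race described in the first comment, as an added C example that is not part of the original thread and not Bitcoin Core code. It runs inside a private `mkdtemp()` directory (the names `victim`, `tmpname` and `safe-XXXXXX` are constructed) and contrasts opening a pre-chosen name with `O_EXCL` creation and `mkstemp`:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: the name was chosen earlier and is opened later.
 * open() follows any symlink placed at that name in between. */
int open_guessable(const char *path) {
    return open(path, O_WRONLY | O_CREAT, 0600);
}
/* Safe pattern: O_EXCL makes creation atomic and fails with EEXIST if
 * anything, including a symlink, already occupies the name. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
/* Returns 0 when all three behaviours are observed, 1 if one is not,
 * -1 if the sandbox could not be set up. */
int demo(void) {
    char dir[] = "/tmp/tmprace-XXXXXX";
    char victim[64], name[64], safe[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/tmpname", dir);
    snprintf(safe, sizeof safe, "%s/safe-XXXXXX", dir);
    /* Simulate the pre-existing link: tmpname -> victim (victim absent). */
    if (symlink(victim, name) != 0) { rmdir(dir); return -1; }

    int fd = open_exclusive(name);            /* must refuse the name */
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);

    fd = open_guessable(name);                /* follows link, creates victim */
    int followed = (fd >= 0 && stat(victim, &st) == 0);
    if (fd >= 0) close(fd);

    fd = mkstemp(safe);                       /* picks and creates in one step */
    int fresh = (fd >= 0 && fstat(fd, &st) == 0 &&
                 S_ISREG(st.st_mode) && st.st_nlink == 1);
    if (fd >= 0) close(fd);

    unlink(safe); unlink(name); unlink(victim); rmdir(dir);
    return (refused && followed && fresh) ? 0 : 1;
}
int main(void) {
    puts(demo() == 0 ? "O_EXCL/mkstemp refused the planted link" : "unexpected");
    return 0;
}
```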


This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 15:15 UTC
