ez-org / eznode

✨ A simple pruning-friendly setup for a personal bitcoin full node
https://ezno.de
MIT License
55 stars 7 forks

Insecure /tmp usage with static path (use mktemp instead or not shared /tmp) #12

Open emanuelb opened 3 years ago

emanuelb commented 3 years ago

Files/folders are used in /tmp with static/predictable names, which is bad practice in general, as it's vulnerable to malicious usage by other users on the system (it's worth fixing even if it's not problematic in this specific case, as it's still bad code). Examples are /tmp/bwt.tar.gz and /tmp/bitcoin.tar.gz: https://github.com/ez-org/eznode/blob/392290b45ebd1d5887a4194ab60a514b474bb9b9/bwt/install#L12-L18 https://github.com/ez-org/eznode/blob/392290b45ebd1d5887a4194ab60a514b474bb9b9/bitcoind/install#L4-L8

Using mktemp to generate the tmp file is better; creating a temporary directory with mktemp -d and working with static names inside it is also OK (or creating a temp dir for each usage with mktemp -d --suffix='-some-related-suffix'). Not using the shared /tmp/ but another location like /home/user/tmp/ is also a fix. There are more /tmp/ usage instances in this codebase which should be fixed.
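The two patterns from the comment above, as an added shell example that is not eznode's own code: the static `/tmp/bitcoin.tar.gz` write beside a `mktemp -d` replacement, plus a simulated symlink attack by a hostile local user. The `fetch` helper (a local `cp` standing in for the real download), the `archive.src` and `victim` files, and the scratch directory standing in for the shared /tmp are all constructed for the demo, so it runs unprivileged and touches nothing real.

```shell
#!/bin/sh
# Added example, not eznode's own code. A private scratch directory stands in
# for the shared /tmp; "fetch" is a local copy standing in for curl/wget.
set -eu

# Constructed stand-in for the network download: $1 = source, $2 = destination.
fetch() { cp -- "$1" "$2"; }

# Insecure: writes to a fixed, predictable name in the shared directory.
# $1 = shared dir (stands in for /tmp), $2 = archive source.
insecure_install() {
    fetch "$2" "$1/bitcoin.tar.gz"
    # tar xzf "$1/bitcoin.tar.gz" would follow here
}

# Hardened: mktemp -d creates a 0700 directory with an unpredictable name, so a
# static file name *inside* it cannot be pre-planted by anyone else. The trap
# removes it on any exit. $1 = parent dir, $2 = archive source.
# LAST_WORKDIR is exposed only so the demo below can inspect the directory.
secure_install() {
    workdir=$(mktemp -d "$1/eznode-install.XXXXXX")   # template form works on GNU and BSD
    trap 'rm -rf -- "$workdir"' EXIT
    fetch "$2" "$workdir/bitcoin.tar.gz"
    # tar xzf "$workdir/bitcoin.tar.gz" -C "$workdir" would follow here
    LAST_WORKDIR=$workdir
}

# Simulated attack: a hostile local user plants a symlink at the predictable
# name, so the installer's write lands on a file of the attacker's choosing.
# Returns 0 if the victim file was clobbered (attack succeeded).
demo_attack() {
    shared=$(mktemp -d)                              # stands in for /tmp
    printf 'payload\n' > "$shared/archive.src"
    printf 'original\n' > "$shared/victim"
    ln -s "$shared/victim" "$shared/bitcoin.tar.gz"  # attacker's symlink
    insecure_install "$shared" "$shared/archive.src"
    result=$(cat "$shared/victim")                   # cp followed the symlink
    rm -rf -- "$shared"
    [ "$result" = payload ]
}

# Same planted symlink against the hardened version: the archive lands in the
# private 0700 directory and the victim file is untouched. Returns 0 on success.
demo_hardened() {
    shared=$(mktemp -d)
    printf 'payload\n' > "$shared/archive.src"
    printf 'original\n' > "$shared/victim"
    ln -s "$shared/victim" "$shared/bitcoin.tar.gz"
    secure_install "$shared" "$shared/archive.src"
    victim=$(cat "$shared/victim")
    perms=$(ls -ld "$LAST_WORKDIR" | cut -c1-10)
    landed=$(cat "$LAST_WORKDIR/bitcoin.tar.gz")
    rm -rf -- "$shared"
    [ "$victim" = original ] && [ "$perms" = drwx------ ] && [ "$landed" = payload ]
}

if demo_attack; then
    echo "static /tmp path: planted symlink redirected the write onto the victim file"
fi
if demo_hardened; then
    echo "mktemp -d: victim untouched, archive landed in a private 0700 directory"
fi
```

`mktemp -d --suffix=...` is GNU-only; the `PREFIX.XXXXXX` template form above gives the same readable name on both GNU and BSD mktemp. Set the `EXIT` trap once at script scope in a real installer rather than per call, since each `trap` replaces the previous one.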

shesek commented 3 years ago

What are the disadvantages you see to this, given that this is running in an isolated, predictable environment and there's no chance of naming collisions?

emanuelb commented 3 years ago
  1. It's bad practice + bad code.
  2. Code reuse of this pattern may result in a worse outcome (such as someone using this code as a base for installation on bare Linux, not in a container, etc.).
  3. There might be a small chance of collisions, either by coincidence or by an attack to cross a security boundary (other users/processes with different MAC/sandbox [SELinux/AppArmor] profiles), for this kind of tmp usage.

It's better to fix it as explained above (mktemp usage).