Labels: quick-win (Can be fixed in < 1 hour), vulnerability (Security vulnerabilities)
Description
Security Vulnerability
The installation script writes a helper Python script to a fixed, predictable path in the shared /tmp directory. A local attacker who can guess that name can plant a symlink there ahead of time, and the script's write follows the link (CWE-377: Insecure Temporary File).
Location
install-logging.sh:182
# VULNERABLE - predictable filename, opened with plain redirection (O_TRUNC, follows symlinks)
cat > /tmp/update_claude_settings.py << EOF
...
EOF

Attack Vector
- Before the installer runs, the attacker creates a symlink at the predictable path:
  ln -s /etc/passwd /tmp/update_claude_settings.py
- The installer's redirection follows the symlink and overwrites the attacker-chosen target with the installer's own content (the attacker picks the victim file, not the bytes)
- Privilege escalation or data corruption when the installer runs as root; with an unprivileged install, any file the installing user can write is a target
- Caveat: on Linux with fs.protected_symlinks=1 (the default on most current distributions) a root process is refused when it follows a symlink owned by another user in sticky /tmp, so the write fails instead of clobbering. The attack still applies on kernels without that protection, on macOS/BSD, in non-sticky temp directories, and whenever the attacker and the installer run as the same user.
Fix (10 minutes)
# SECURE - unique filename, created atomically by mktemp with O_CREAT|O_EXCL and mode 0600,
# so a symlink pre-placed at a guessed name is never opened
# (GNU mktemp accepts a suffix after the X's; BSD/macOS mktemp needs the X's at the end of the
#  template, so drop the .py there - the interpreter does not need the extension)
TEMP_FILE=$(mktemp "${TMPDIR:-/tmp}/update_claude_XXXXXX.py") || exit 1
# Clean up automatically on exit (single quotes: the path is expanded when the trap fires)
trap 'rm -f "$TEMP_FILE"' EXIT
# Set restrictive permissions (mktemp already creates the file 0600; this is belt and braces)
chmod 600 "$TEMP_FILE"
# Use the temp file
cat > "$TEMP_FILE" << EOF
...
EOF

Additional Improvements
# Use a private per-run temp directory. Create it with mktemp -d rather than a fixed
# ${TMPDIR:-/tmp}/${USER} path: 'mkdir -p -m 700' succeeds silently on a directory an
# attacker pre-created there and leaves its existing mode and owner untouched
TEMP_DIR=$(mktemp -d "${TMPDIR:-/tmp}/update_claude_XXXXXX") || exit 1
trap 'rm -rf "$TEMP_DIR"' EXIT
TEMP_FILE=$(mktemp "$TEMP_DIR/update_claude_XXXXXX.py")

Validation
- Temp files use mktemp
- Permissions set to 600
- Cleanup on exit with trap
- No hardcoded filenames
Testing
# Verify mktemp creates unique files
for i in {1..10}; do mktemp /tmp/test_XXXXXX; done
# Should create 10 different filenames

Effort: 1 hour (Quick Win!)
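The following script is an added demonstration, not code from the issue or from install-logging.sh. It reproduces the symlink attack described above against the predictable-name pattern, then shows that the mktemp-based fix is not affected, that mkdir -p -m 700 does not repair a pre-created directory, and that repeated mktemp calls yield distinct names. Everything runs as an unprivileged user inside a throw-away scratch directory; the "passwd" file is a constructed stand-in for /etc/passwd, the scratch directory is private and non-sticky (so fs.protected_symlinks does not interfere with the demonstration), and all function and file names are chosen for the demo. The template has no .py suffix so it also works with BSD/macOS mktemp.

```shell
#!/bin/sh
# Added demonstration of CWE-377 in the installer's temp-file handling.
# Not project code; names and the victim file are constructed for the demo.
set -eu

# Scratch directory with a victim file and an attacker-planted symlink at the
# predictable name the installer would write to. Prints the directory path.
setup_attack() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/symlink_demo_XXXXXX")
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/passwd"   # stand-in for /etc/passwd
    ln -s "$dir/passwd" "$dir/update_claude_settings.py"        # attacker's symlink
    printf '%s\n' "$dir"
}

# Returns 0 while the victim file still starts with its original line.
victim_intact() {
    grep -q '^root:x:0:0:' "$1/passwd"
}

# Vulnerable pattern from the report: 'cat > <fixed path>' opens with O_TRUNC
# and follows the symlink. Returns 0 if the victim file was clobbered.
demo_vulnerable() {
    dir=$(setup_attack)
    cat > "$dir/update_claude_settings.py" << 'EOF'
print("installer content now lives where the attacker's symlink pointed")
EOF
    if victim_intact "$dir"; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

# Fixed pattern: mktemp creates a fresh file with O_CREAT|O_EXCL and mode 0600,
# so a symlink at a guessed name is never opened. Returns 0 if the victim is
# untouched and the new file is a private regular file.
demo_hardened() {
    dir=$(setup_attack)
    tmp=$(mktemp "$dir/update_claude_XXXXXX")
    trap 'rm -f "$tmp"' EXIT            # cleanup even if the script aborts
    cat > "$tmp" << 'EOF'
print("installer-generated settings update")
EOF
    rc=1
    if victim_intact "$dir" && [ -f "$tmp" ] && [ ! -L "$tmp" ] \
        && [ "$(ls -ld "$tmp" | cut -c1-10)" = "-rw-------" ]; then
        rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}

# A fixed per-user directory is only as safe as whoever created it first:
# 'mkdir -p -m 700' succeeds on an existing directory and leaves its mode alone.
# Returns 0 if the attacker's 777 directory survives the installer's mkdir.
demo_mkdir_p_keeps_existing_mode() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/symlink_demo_XXXXXX")
    mkdir -m 777 "$base/victim_user"        # attacker pre-creates /tmp/$USER
    mkdir -p -m 700 "$base/victim_user"     # installer's call succeeds silently
    mode=$(ls -ld "$base/victim_user" | cut -c1-10)
    rm -rf "$base"
    [ "$mode" = "drwxrwxrwx" ]
}

# The report's validation step: ten mktemp calls must give ten distinct names.
demo_unique_names() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/symlink_demo_XXXXXX")
    i=0
    while [ "$i" -lt 10 ]; do mktemp "$base/test_XXXXXX"; i=$((i + 1)); done > "$base/names"
    count=$(sort -u "$base/names" | wc -l | tr -d ' ')
    rm -rf "$base"
    [ "$count" -eq 10 ]
}

# Run each demonstration and report whether it behaved as described above.
report() { if "$1"; then printf '%s: as expected\n' "$2"; else printf '%s: NOT reproduced\n' "$2"; fi; }
report demo_vulnerable "predictable name: victim overwritten through the symlink"
report demo_hardened "mktemp: victim untouched, temp file is a 0600 regular file"
report demo_mkdir_p_keeps_existing_mode "mkdir -p -m 700 kept the attacker's 777 directory"
report demo_unique_names "mktemp produced 10 distinct names"
```

Run it with sh or bash; each demo builds and removes its own scratch directory, so it can be re-run freely. The hardened check also asserts that the created path is not a symlink, which is the condition the installer should verify if it ever has to write to a name it did not just receive from mktemp.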
References
- CWE-377: Insecure Temporary File
- https://cwe.mitre.org/data/definitions/377.html