[原文]SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.
MIPSPro Compiler creates predictable temporary files with the permissions of the user running the compiler. A malicious user can modify the contents of the temporary files and they will be executed as the user running the compiler.
Currently, there is no known patch or workaround for this vulnerability.
A vulnerability exists in the creation of temporary files, in the MIPSpro compiler suite from SGI. The C, C++, Fortran 77 and Fortran 90 compilers each create predictably named files in /tmp, with the permissions specified by the umask of the user running the compiler. As these are predictable, it makes it fairly easy for a malicious user to alter the contents of these files, in order to potentially execute code under the ID of the user compiling.
There is no exploit required.
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.