Multiple choice technology security

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here. int outfile = fopen(“/tmp/cache_data”, O_WRONLY | O_CREAT | O_TRUNC, 0600);

  1. Since the file name is hard coded, fopen() will fail if the file already exists

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit by creating a symboling link /tmp/cache_data that points to a system file

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

The code has a TOCTOU (Time-of-Check-Time-of-Use) vulnerability specifically a symlink race condition. Attackers can create a symbolic link at /tmp/cache_data that points to sensitive system files (like /etc/passwd). When the daemon opens /tmp/cache_data with O_CREAT, it will follow the symlink and overwrite the target file with daemon privileges. Option C is correct. Option A is wrong because fopen with O_CREAT doesn't fail if file exists. Option B is wrong - 0600 (owner read/write only) is secure, 0666 would be world-readable which is LESS secure.