globus -- Multiple tmpfile races

The Globus Alliance reports:

The proxy generation tool (grid-proxy-init) creates the
file, secures the file to provide access only to owner and
writes proxy to the file. A race condition exists between
the opening of the proxy credentials file, and making sure
it is safe file to write to. The checks to ensure this
file is accessible only to the owner take place using the
filename after the file is opened for writing, but before
any data is written.

Various components of the toolkit use files in shared
directories to store information, some being sensitive
information. For example, the tool to create proxy
certificates, stores the generated proxy certificate by
default in /tmp. Specific vulnerabilities in handling such
files were reported in myproxy-admin-adduser, grid-ca-sign
and grid-security-config.