Security: Predictable temp file names in /tmp vulnerable to symlink attacks
Resolved 💬 4 comments Opened Dec 15, 2025 by adereis Closed Feb 28, 2026
Summary
Claude Code creates temporary files with predictable names in global temporary directories (e.g., /tmp). This is vulnerable to symlink attacks (TOCTOU race conditions), a well-known class of security vulnerabilities.
The Attack
- Attacker predicts the filename Claude Code will create (e.g.,
/tmp/claude-export.csv) - Attacker pre-creates a symlink:
/tmp/claude-export.csv→~/.ssh/authorized_keys - Claude Code writes to what it believes is a temp file
- The symlink target is overwritten instead, leading to privilege escalation or data corruption
This is especially concerning in multi-user systems or shared environments.
Recommended Mitigations
- Use unpredictable filenames: Use
mktempor equivalent with random suffixes - Use private directories: Prefer
$XDG_RUNTIME_DIR(user-private, tmpfs-backed), or fall back to$TMPDIR/~/tmp - Use safe file creation flags:
O_EXCL | O_NOFOLLOWto fail if file exists or is a symlink - Set restrictive permissions: 0600 for files, 0700 for directories
References
- CWE-377: Insecure Temporary File
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- OWASP: Insecure Temporary File
Current Workaround
Users can instruct Claude Code to use ~/tmp instead of /tmp via CLAUDE.md, but this relies on user awareness and doesn't address the predictable filename issue.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗