libatsha204 uses hard-coded names in `/tmp` -- potential security or reliability issue

src/libatsha204/configuration.h has:

#define LOCK_FILE "/tmp/libatsha204.lock"

and debug_report_failed_lock potentially appends text (and the contents of libatsha204.lock and the output of ps) to /tmp/atsha_ps.log.

An attacker with write-access to /tmp/ could put arbitrary contents in /tmp/libatsha204.lock, lock it, symlink atsha_ps.log to a sensitive file like /etc/shadow, and wait for the superuser to run something that uses this library. The result could be writing arbitrary text to /etc/shadow.

Admin message

Admin message

libatsha204 uses hard-coded names in `/tmp` -- potential security or reliability issue