miniupnpd-2.3.4-alt1_3.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/miniupnpd/nft_init.sh: $ grep /tmp/ /etc/miniupnpd/nft_init.sh exit 0 fi echo "Creating nftables structure" cat > /tmp/miniupnpd.nft <<EOF table inet $TABLE { chain forward { type filter hook forward priority 0; policy accept; EOF if [ "$TABLE" != "$NAT_TABLE" ] then cat >> /tmp/miniupnpd.nft <<EOF } table inet $NAT_TABLE { EOF fi cat >> /tmp/miniupnpd.nft <<EOF chain prerouting { type nat hook prerouting priority -100; policy accept; # miniupnpd -- chain $POSTROUTING_CHAIN { } } EOF chcon system_u:object_r:iptables_tmp_t:s0 /tmp/miniupnpd.nft $NFT -f /tmp/miniupnpd.nft rm /tmp/miniupnpd.nft;