perl-MondoRescue-3.2.2-alt1_5.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/mr-analyze-lvm: $ grep /tmp/ /usr/bin/mr-analyze-lvm pb_log(1,"No LVM handling\n") ; } else { pb_log(1,"LVM Structure :".Dumper($lvm)."\n"); } open(LVM, "> /tmp/lvm.out") || mr_exit(-1, "Unable to write to /tmp/lvm.out"); $lvm = mr_lvm_analyze(\*LVM); close(LVM); open(LVM, "/tmp/lvm.out") || mr_exit(-1, "Unable to read to /tmp/lvm.out"); $lvm = mr_lvm_prepare(\*LVM,$OUTPUT,1); close(LVM); if (defined $opts{'o'}) { close($OUTPUT);;