perl-Snapback2-scripts-1.001-alt1.noarch  unsafe-tmp-usage-in-scripts  fail

The test discovered scripts with errors that a user could use to damage important system files. For example, if a script works with a temp file created in the /tmp directory, then any user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite system files or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.

Found error in /usr/bin/snapback_loop:

$ grep /tmp/ /usr/bin/snapback_loop
    snapback_loop [-c configfile] &

=head1 DESCRIPTION

This script just loops looking for a file in the communication
directory, by default /tmp/backups. It then calls snapback2 with
the specified configuration file name root based in /etc/snapback.

It exists to allow someone to start an ssh-agent, then walk away
for unattended backup over a long period.

    ## type ssh key passphrase when prompted
    ssh-agent > ~/.sshenv
    . ~/.sshenv
    ssh-add
    snapback_loop >>/tmp/snapback_loop.log 2>&1 &

or tcsh/csh:

    ## type ssh key passphrase when prompted
    ssh-agent -c > ~/.sshenv
    source ~/.sshenv
    ssh-add
    snapback_loop >>& /tmp/snapback_loop.log

The author has a machine dedicated to Snapback2, and this is in
the rc.local so it starts on boot.

To initiate a backup, you just put entries in crontab like:

    18 usr usr usr usr touch /tmp/backups/snapback

The filename is the name of the snapback configuration file.
The above would cause a call to:

    /usr/local/bin/snapback2 snapback
--
    }
}

my %Defaults = (
    AlwaysEmail => 'No',
    LoopDirectory => '/tmp/backups',
    sendmail => "/usr/sbin/sendmail",
    SnapbackExecutable => '/usr/local/bin/snapback2',
    SnapbackOpts => '',
);
--
        $val = is_yes($val);
    }
    return $val;
}

my $COMM_DIR = get_cfg('LoopDirectory') || '/tmp/backups';
my $ERR_DIR = "$COMM_DIR/errors";
my $DONE_DIR = "$COMM_DIR/done";
my $SNAPBACK = get_cfg('SnapbackExecutable') || '/usr/local/bin/snapback2';
my $SNAPBACK_OPTS = get_cfg('SnapbackOpts') || '';;