perl-Sys-Virt-TCK-2.0.0-alt1_1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/libvirt-tck/tests/nwfilter/240-no-arp-spoofing.t: $ grep /tmp/ /usr/share/libvirt-tck/tests/nwfilter/240-no-arp-spoofing.t # check if IP address is listed ok($ebtable =~ "$guestip", "check ebtables entry"); # prepare tcpdump diag "prepare tcpdump"; system("/usr/sbin/tcpdump virbr0 not ip > /tmp/tcpdump.log &"); # log into guest diag "ssh'ing into $guestip"; my $ssh = Net::OpenSSH->new($guestip, user => "root", # now stop tcpdump and verify result diag "stopping tcpdump"; system("kill -15 `pidof tcpdump`"); diag "tcpdump.log:"; my $tcpdumplog = `cat /tmp/tcpdump.log`; diag($tcpdumplog); ok($tcpdumplog !~ "${spoofipaddr} is-at", "tcpdump expected to capture no arp reply packets"); shutdown_vm_gracefully($dom); Found error in /usr/share/libvirt-tck/tests/nwfilter/230-no-mac-broadcast.t: $ grep -A5 -B5 /tmp/ /usr/share/libvirt-tck/tests/nwfilter/230-no-mac-broadcast.t diag $ebtable; ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for \"-d Broadcast -j DROP\""); # prepare tcpdump diag "prepare tcpdump"; system("/usr/sbin/tcpdump -v -i virbr0 -n host $networkipbroadcast and ether host ff:ff:ff:ff:ff:ff 2> /tmp/tcpdump.log &"); # log into guest diag "ssh'ing into $guestip"; my $ssh = Net::OpenSSH->new($guestip, user => "root", -- diag "Exit Code: $?"; # now stop tcpdump and verify result diag "stopping tcpdump"; system("kill -15 `pidof tcpdump`"); my $tcpdumplog = `cat /tmp/tcpdump.log`; diag($tcpdumplog); ok($tcpdumplog =~ "0 packets captured", "tcpdump expected to capture no packets"); shutdown_vm_gracefully($dom);;