vdrsync-0.1.2.2dev2-alt1_050322.13.noarch unsafe-tmp-usage-in-scripts fail The test found scripts with errors that a user could exploit to damage important system files. For example, if a script works with a temporary file that it creates in the /tmp directory, any user can create a symlink with the same name (pattern) in that directory beforehand, so that the script destroys or overwrites system files or another user's files. A name that only appends what appears to be a process ID, as in the matches below, is still predictable. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir, where it is in use, creates a subdirectory of /tmp that is accessible only to that user and then sets TMPDIR and other variables to point to it. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/vdrsync.pl: $ grep /tmp/ /usr/bin/vdrsync.pl } } #if ($use_pipe) { my $timer = 0; dprint("Checking lock file /tmp/vdrsync_lock_$main_pid\n"); while (-f "/tmp/vdrsync_lock_$main_pid") { $timer++; sleep 1; if ($timer % 5 == 0) { print "Waiting for multipex / authoring to finish, then starting $_\n"; } if ($timer > 300) { die "Something went very wrong\n"; } } dprint ("lock file /tmp/vdrsync_lock_$main_pid not there\n"); open OFH, ">/tmp/vdrsync_lock_$main_pid" or die "Could not open lockfile: $!\n"; print OFH localtime(); close OFH; dprint ("lock file /tmp/vdrsync_lock_$main_pid created\n"); #} if ($use_pipe) { @fifo_list = @{ prepare_fifos($_) }; prepare_forks(@fifo_list); } post_process($PES_Obj, \@fifo_list); $PES_Obj = ""; print("\nFinished processing $_ \n"); $current_title_set++; if (! 
$use_pipe) { unlink("/tmp/vdrsync_lock_$main_pid"); } } my $timer = 0; dprint ("\nObserving lock file /tmp/vdrsync_lock_$main_pid\n"); while (-f "/tmp/vdrsync_lock_$main_pid") { $timer++; sleep 1; if ($timer % 5 == 0) { print "Waiting for multipex / authoring to finish\n"; } if ($timer > 300) { die "Something went very wrong\n"; } } dprint ("lock file /tmp/vdrsync_lock_$main_pid gone\n"); if (($use_pipe) && ($master_dvd)) { print "Need to finalize the DVD image....\n"; finalize_dvd_image(); } else { print "No need to finish DVD Image, since there is none\n"; -- sub prepare_filters { #print "$all"; #$audio_filter = " ./thread.pl.old audio%d_fifo "; if ($use_new_pipe) { if ($audio_filter) { $audio_filter = " vdrsync_buffer alog_new 2>/dev/null | " . $audio_filter . " > /tmp/audio%d_fifo$main_pid "; #2>/dev/null } else { $audio_filter = " vdrsync_buffer alog_new > /tmp/audio%d_fifo$main_pid "; #2>/dev/null } if ($video_filter) { $video_filter = " vdrsync_buffer vlog_new 2>/dev/null | " . $video_filter . " > /tmp/video_fifo$main_pid "; #2>/dev/null } else { $video_filter = " vdrsync_buffer vlog_new > /tmp/video_fifo$main_pid "; #2>/dev/null } if ($ac3_filter) { $ac3_filter = " vdrsync_buffer ac3log_new 2>/dev/null | " . $ac3_filter . " > /tmp/ac3_fifo$main_pid "; # 2> /dev/null } else { $ac3_filter = " vdrsync_buffer ac3log_new > /tmp/ac3_fifo$main_pid 2>/dev/null "; #2>/dev/null } } else { if ($audio_filter) { $audio_filter = " vdrsync_buffer.pl STDOUT 2>/dev/null | " . $audio_filter . " > /tmp/audio%d_fifo$main_pid "; #2>/dev/null } else { $audio_filter = " vdrsync_buffer.pl /tmp/audio%d_fifo$main_pid 2>/dev/null "; #2>/dev/null } if ($video_filter) { $video_filter = " vdrsync_buffer.pl STDOUT 2>/dev/null | " . $video_filter . " > /tmp/video_fifo$main_pid "; #2>/dev/null } else { $video_filter = " vdrsync_buffer.pl /tmp/video_fifo$main_pid 2>/dev/null"; #2>/dev/null } if ($ac3_filter) { $ac3_filter = " vdrsync_buffer.pl STDOUT 2>/dev/null | " . $ac3_filter . 
" > /tmp/ac3_fifo$main_pid "; # 2> /dev/null } else { $ac3_filter = " vdrsync_buffer.pl /tmp/ac3_fifo$main_pid 2>/dev/null "; #2>/dev/null } } dprint ("$audio_filter\n"); dprint ("$video_filter\n"); dprint ("$ac3_filter\n"); -- #$PES_Info_Obj = ""; my $all = join "", @results; #print "All is now:\n$all"; if (-e "/tmp/video_fifo$main_pid") { system "rm /tmp/video_fifo$main_pid"; dprint ("deleting video_fifo$main_pid\n"); } my $result = execute ("mkfifo /tmp/video_fifo$main_pid"); dprint ("Tried to create video fifo with result $result\n"); push @fifo_list, "/tmp/video_fifo$main_pid"; my $stream_id = "bd_Audio_stream=yes"; if (($all =~ /$stream_id/) && (! $ignore_hash{bd})) { dprint("Need to create a fifo for stream $stream_id\n"); if (-e "/tmp/ac3_fifo$main_pid") { system "rm /tmp/ac3_fifo$main_pid"; dprint ("deleting ac3_fifo$main_pid\n"); } $result = execute ("mkfifo /tmp/ac3_fifo$main_pid"); dprint ("Tried to create fifo with result $result\n"); if ($result) {die "FIFO Creation failed\n";} push @fifo_list, "/tmp/ac3_fifo$main_pid"; } for (my $i = 0; $i < 7; $i++) { $stream_id = "c$i" . "_Audio_stream=yes"; my $id = "c$i"; if ($ignore_hash{$id}) { next; } #print "Testing for stream $stream_id...\n"; if ($all =~ /$stream_id/ ) { if (-e ("/tmp/audio$i" . "_fifo$main_pid")) { #if (-e ("./audio" . "_fifo")) { system ("rm /tmp/audio$i" . "_fifo$main_pid"); # print "deleting ./audio$i" . "_fifo\n"; } # print "Need to create a fifo for stream $stream_id\n"; $result = execute ("mkfifo /tmp/audio$i", "_fifo$main_pid"); # print "Tried to create fifo with result $result\n"; push @fifo_list, "/tmp/audio$i". 
"_fifo$main_pid"; } } foreach (@fifo_list) { dprint ("$_ is on the fifo list\n"); -- my $pid; my @pidlist; my $target; if ($master_dvd) { $target = "/tmp/remuxfifo$main_pid"; if (-p "/tmp/remuxfifo$main_pid") { dprint ("remuxfifo does exist\n"); } else { my $result = execute ("mkfifo /tmp/remuxfifo$main_pid"); dprint ("the attempt to create FIFO returned $result\n"); } } elsif ($mplex) { $target = "$path_param/$basename.mpg"; } else { -- if ($pid2 = fork) { return; } else { add_to_dvd_image($target); dprint ("deleting lockfile after dvdauthor finished\n"); unlink("/tmp/vdrsync_lock_$main_pid"); exit; } } return; } else { print ("Setting up mutliplex process for $main_pid in $$\n"); multiplex($target, \@fifo_list); if (! $master_dvd) { dprint ("deleting lockfile after mplex finished\n"); unlink("/tmp/vdrsync_lock_$main_pid"); } exit; } } -- } sub compute_info { my $counter = 0; my $temp_dir = "/tmp/"; my $total_video = 0; my $total_audio = 0; (my @ig_list) = (@ignore_list); my %ig_hash; -- } sub add_to_dvd_image { my $remuxfifo = shift || "/tmp/remuxfifo"; my $timer = 0; nprint "\nCreating DVD structure using dvdauthor...using $remuxfifo"; dprint("Current title set is $current_title_set\n"); -- execute($cmd); } else { nprint "\nCreating table of content..."; execute(sprintf("%s -T -o \"%s/%s\"", $progs{dvdauthor}, $path_param, $basename)); unlink("/tmp/remuxfifo"); sleep 1; } } sub create_dvd_image { -- print "Start dvdimage creation\n"; #my $mplex_command = shift; my @files_to_mux = @{ shift @_ }; my $pid; if (-p "/tmp/remuxfifo$main_pid") { print "remuxfifo$main_pid does exist\n"; } else { my $result = execute "mkfifo /tmp/remuxfifo$main_pid"; dprint "the attempt to create FIFO returnd $result\n"; } if ($pid = fork) { #nprint "Creating DVD structure using dvdauthor..."; add_to_dvd_image("/tmp/remuxfifo$main_pid"); finalize_dvd_image(); #execute( # sprintf("%s -v %s %s -c %s -o \"%s/%s\" /tmp/remuxfifo", # $progs{dvdauthor}, ## $asp_ratio, # $master_dvd_param, # 
dvdauthor_length(), # $path_param, -- # ) #); #nprint "Creating table of content..."; #execute(sprintf("%s -T -o \"%s/%s\"", $progs{dvdauthor}, $path_param, $basename)); #unlink("/tmp/remuxfifo"); #sleep 1; } else { dprint "mplexing file to fifo\n"; multiplex("/tmp/remuxfifo$main_pid", \@files_to_mux); #dprint "should execute $mplex_command and put it to the fifo\n"; #$mplex_command .= " -o /tmp/remuxfifo"; #dprint "now the command is $mplex_command\n"; #nprint "Multiplexing streams for dvdauthor..."; #execute $mplex_command; print "finished mplexing\n"; die "The multiplex fork has finished\n"; -- current_offset => "", }, debug => 0, create_index => "/usr/bin/create_indexvdr.pl", debug_log =>"/tmp/vdrrecording.debug", @_, }; return bless $self, $class; } sub verify_chapter_marks {;