fail file-rename-utils-1.7.3-alt1_10.noarch

The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.

Found error in /usr/bin/htmlrename:
$ grep /tmp/ /usr/bin/htmlrename
old4=$(echo "$old3" | sed "s/!/%21/g")
old5=$(echo "$old4" | sed "s/\`/%60/g")
old6=$(echo "$old5" | sed "s/»/%BB/g")
# this ~shouldn't~ normally fail, excepting unforseen punctuation
if ! sed "s/$old1\|$old2\|$old3\|$old4\|$old5\|$old6/$new/g" "$1$suffix" >/tmp/htmlrename$$
then
    echo "$Name: substitution failed, files unaltered."
    exit 1
else
    # don't kill oldhtml in case of failure (esp. vfat f/s)
    (if [ "$suffix" ] ; then
        # f-ing firefox insists on saving without the .htm extension, so if there's no ".htm" , add it
        mv /tmp/htmlrename$$ "$2.htm"
    else
        mv /tmp/htmlrename$$ "$2$suffix"
    fi ) && \
    mv "$1$suffix" /tmp/htmlrename && \
    mv "$old" "$new"
    exit $?
fi;

fail miniupnpd-2.3.4-alt1_3.x86_64

Found error in /etc/miniupnpd/nft_init.sh:
$ grep /tmp/ /etc/miniupnpd/nft_init.sh
exit 0
fi
echo "Creating nftables structure"
cat > /tmp/miniupnpd.nft <> /tmp/miniupnpd.nft <> /tmp/miniupnpd.nft < gives the following result:
$ wallflower bin/app.pl /tmp urls.txt
200 / => /tmp/output/index.html [5367]
200 /404.html => /tmp/output/404.html [499]
200 /500.html => /tmp/output/500.html [510]
200 /css/error.css => /tmp/output/css/error.css [1210]
200 /css/style.css => /tmp/output/css/style.css [2850]
404 /favicon.ico
404 /images/perldancer-bg.jpg
404 /images/perldancer.jpg
200 /javascripts/jquery.js => /tmp/output/javascripts/jquery.js [248235]
Note that URLs with a path ending in a C are considered directories and have the default I filename appended, and that wallflower will behave unpredictably if the site contains pages accessible through URLs ending both in F and F. This is arguably a bug, but it's;

fail perl-Cikl-scripts-0.5.1-alt1.noarch

Found error in /usr/bin/cikl_crontool:
$ grep /tmp/ /usr/bin/cikl_crontool
my $throttle = $opts{'T'} || 'medium';
my $cron_tool = $opts{'b'} || 'cikl_smrt';
my $config = $opts{'C'} || $ENV{'HOME'}.'/.cikl';
my $debug = $opts{'d'};
my $debug_level = $opts{'v'};
my $mutex = $opts{'L'} || '/tmp/cikl_crontool.lock.'.$period;
my $start_at = $opts{'S'};
my $dir = $opts{'F'} || '/opt/cikl';
my $admin = $opts{'A'} || 'root';
my $fail_closed = $opts{'N'} || 0;
}
remove_lock();
sub bail {
    my $msg = shift;
    if(-e '/tmp/.cikl_crontool.err'){
        print $msg."\n";
    } else {
        my $msg = MIME::Lite->new(
            To => $admin,
            Subject => 'cikl_crontool failure',
            Data => $msg || 'unknown',
        );
        $msg->send();
        system('touch /tmp/.cikl_crontool.err');
        open(MUTEX, ">>/tmp/.cikl_crontool.err") or die "/tmp/.cikl_crontool.err: $!";
        close(MUTEX);
    }
    warn($msg);
    exit(-1);
};

fail perl-File-SmartTail-scripts-1.0.0-alt1.noarch

Found error in /usr/bin/rtail.pl:
$ grep /tmp/ /usr/bin/rtail.pl
$args{-statuskey} and push @newargs, '-statuskey' => $args{-statuskey};
my $tail = new File::SmartTail( @newargs );
$tail->WatchFile(%args);
open (STDOUT, ">> /tmp/rtail.out.$$"); # Diagnostics.
open (STDERR, ">> /tmp/rtail.out.$$"); # Diagnostics.
chmod( 0700, "/tmp/rtail.out.$$" );
my $oldfh = select(STDOUT);
$| = 1;
select(STDERR);
$| = 1;
select($oldfh);
alarm $timeout;
my $new_sock = $sock->accept();;

fail perl-MondoRescue-3.2.2-alt1_5.noarch

Found error in /usr/bin/mr-analyze-lvm:
$ grep /tmp/ /usr/bin/mr-analyze-lvm
pb_log(1,"No LVM handling\n") ;
} else {
    pb_log(1,"LVM Structure :".Dumper($lvm)."\n");
}
open(LVM, "> /tmp/lvm.out") || mr_exit(-1, "Unable to write to /tmp/lvm.out");
$lvm = mr_lvm_analyze(\*LVM);
close(LVM);
open(LVM, "/tmp/lvm.out") || mr_exit(-1, "Unable to read to /tmp/lvm.out");
$lvm = mr_lvm_prepare(\*LVM,$OUTPUT,1);
close(LVM);
if (defined $opts{'o'}) {
    close($OUTPUT);;

fail perl-NBI-Slurm-scripts-0.8.2-alt1.noarch

Found error in /usr/bin/make_image_from_bioconda:
$ grep /tmp/ /usr/bin/make_image_from_bioconda
fi
echo "[4] Clean environment"
micromamba clean
echo "[5] Create binaries list: /etc/binaries.txt"
sort /list_all.txt > /tmp/list_all.txt
sort /list_deps.txt > /tmp/list_deps.txt
comm /tmp/list_all.txt /tmp/list_deps.txt | sort > /etc/binaries.txt
rm /list_all.txt /list_deps.txt
rm /tmp/*txt
echo "[6] Finalize: list"
cat /etc/binaries.txt
{post:=#Nothing to add}
%environment;

fail perl-Net-DSML-0.003-alt1.noarch

Found error in /usr/share/doc/perl-Net-DSML-0.003/Examples/UsingXslt:
$ grep /tmp/ /usr/share/doc/perl-Net-DSML-0.003/Examples/UsingXslt
}
# get the return xml content, should be the status of the dsml request.
$postData = $webdsml->content();
open(OUT, ">>/tmp/dsml.xml");
print(OUT $postData);
close(OUT);
$xsl = './html_1.xsl';
$xmlfile = 'file:///tmp/dsml.xml';
my $xslt = XML::XSLT->new ($xsl);
$xslt->transform($xmlfile);
open(OUT, ">>/tmp/dsml.html");
print( OUT $xslt->toString);
close(OUT);
$xslt->dispose();;

fail perl-OODoc-scripts-2.02-alt1.noarch

Found error in /usr/bin/oodist:
$ grep /tmp/ /usr/bin/oodist
| makefile:DISTDIR || $ENV{OODOC_DISTDIR} || | empty | makefile:DISTNAME | makefile:RAWDIR || $ENV{OODOC_RAWDIR} || constructured | /tmp/ | true when specified
OPTIONS for parsers: makefile:SKIP_LINKS
The processing will take place in a seperate directory: the stripped pm's and produced pod files will end-up there. If not provided, that directory will be named after the project, and located in C<$ENV{TMPDIR}>, which defaults to C. For instance C
=back
=head2 Options for parsers;

fail perl-OSSEC-scripts-0.1-alt1.noarch

Found error in /usr/bin/ossec-update-rules-database.pl:
$ grep /tmp/ /usr/bin/ossec-update-rules-database.pl
warn($i . " not found\n");
} else {
    readpipe("echo \"\" > /tmp/".$i->textContent);
    readpipe("cat " . $ossec->ossecPath() . "/rules/" . $i->textContent . ">> /tmp/".$i->textContent);
    readpipe("echo \"\" >> /tmp/".$i->textContent);
    readpipe("sed '/pcre2/d' /tmp/".$i->textContent );
    open(my $fh, '<', "/tmp/" . $i->textContent);
    binmode $fh;
    my $ruleFile;
    my $parser = XML::LibXML->new;
    $parser->set_option("pedantic_parser",0);;

fail perl-Parse-RPN-2.87-alt1.noarch

Found error in /usr/share/perl5/Parse/RPN.pl:
$ grep /tmp/ /usr/share/perl5/Parse/RPN.pl
sub save {
    my $file = shift;
    my $data = shift;
    print "save file=$file\tdata=$data\n";
    open FILE, ">/tmp/$file";
    print FILE $data;
    close FILE;
}
sub restore {
    my $file = shift;
    open FILE, "/tmp/$file";
    my $data = <FILE>;
    close FILE;
    print "restore file=$file\tdata=$data\n";
    return $data;
};

fail perl-Snapback2-scripts-1.001-alt1.noarch

Found error in /usr/bin/snapback_loop:
$ grep /tmp/ /usr/bin/snapback_loop
snapback_loop [-c configfile] &
=head1 DESCRIPTION
This script just loops looking for a file in the communication directory, by default /tmp/backups. It then calls snapback2 with the specified configuration file name root based in /etc/snapback. It exists to allow someone to start an ssh-agent, then walk away for unattended backup over a long period.
## type ssh key passphrase when prompted
ssh-agent > ~/.sshenv
. ~/.sshenv
ssh-add
snapback_loop >>/tmp/snapback_loop.log 2>&1 &
or tcsh/csh:
## type ssh key passphrase when prompted
ssh-agent -c > ~/.sshenv
source ~/.sshenv
ssh-add
snapback_loop >>& /tmp/snapback_loop.log
The author has a machine dedicated to Snapback2, and this is in the rc.local so it starts on boot.
To initiate a backup, you just put entries in crontab like:
18 usr usr usr usr touch /tmp/backups/snapback
The filename is the name of the snapback configuration file. The above would cause a call to:
/usr/local/bin/snapback2 snapback
--
}
}
my %Defaults = (
    AlwaysEmail => 'No',
    LoopDirectory => '/tmp/backups',
    sendmail => "/usr/sbin/sendmail",
    SnapbackExecutable => '/usr/local/bin/snapback2',
    SnapbackOpts => '',
);
--
$val = is_yes($val);
}
return $val;
}
my $COMM_DIR = get_cfg('LoopDirectory') || '/tmp/backups';
my $ERR_DIR = "$COMM_DIR/errors";
my $DONE_DIR = "$COMM_DIR/done";
my $SNAPBACK = get_cfg('SnapbackExecutable') || '/usr/local/bin/snapback2';
my $SNAPBACK_OPTS = get_cfg('SnapbackOpts') || '';;

fail perl-Sys-Virt-TCK-2.0.0-alt1_1.noarch

Found error in /usr/share/libvirt-tck/tests/nwfilter/240-no-arp-spoofing.t:
$ grep /tmp/ /usr/share/libvirt-tck/tests/nwfilter/240-no-arp-spoofing.t
# check if IP address is listed
ok($ebtable =~ "$guestip", "check ebtables entry");
# prepare tcpdump
diag "prepare tcpdump";
system("/usr/sbin/tcpdump virbr0 not ip > /tmp/tcpdump.log &");
# log into guest
diag "ssh'ing into $guestip";
my $ssh = Net::OpenSSH->new($guestip, user => "root",
# now stop tcpdump and verify result
diag "stopping tcpdump";
system("kill -15 `pidof tcpdump`");
diag "tcpdump.log:";
my $tcpdumplog = `cat /tmp/tcpdump.log`;
diag($tcpdumplog);
ok($tcpdumplog !~ "${spoofipaddr} is-at", "tcpdump expected to capture no arp reply packets");
shutdown_vm_gracefully($dom);

Found error in /usr/share/libvirt-tck/tests/nwfilter/230-no-mac-broadcast.t:
$ grep -A5 -B5 /tmp/ /usr/share/libvirt-tck/tests/nwfilter/230-no-mac-broadcast.t
diag $ebtable;
ok($ebtable =~ "-d Broadcast -j DROP", "check ebtables entry for \"-d Broadcast -j DROP\"");
# prepare tcpdump
diag "prepare tcpdump";
system("/usr/sbin/tcpdump -v -i virbr0 -n host $networkipbroadcast and ether host ff:ff:ff:ff:ff:ff 2> /tmp/tcpdump.log &");
# log into guest
diag "ssh'ing into $guestip";
my $ssh = Net::OpenSSH->new($guestip, user => "root",
--
diag "Exit Code: $?";
# now stop tcpdump and verify result
diag "stopping tcpdump";
system("kill -15 `pidof tcpdump`");
my $tcpdumplog = `cat /tmp/tcpdump.log`;
diag($tcpdumplog);
ok($tcpdumplog =~ "0 packets captured", "tcpdump expected to capture no packets");
shutdown_vm_gracefully($dom);;

fail perl-kif-2.01-alt1.noarch

Found error in /usr/share/perl5/KIF/Build.pm:
$ grep /tmp/ /usr/share/perl5/KIF/Build.pm
{
#
# Save the current configuration, if any.
#
move($_, '/tmp/' . basename($_) . "-$theReleaseTagXXX") if (!$theObject->testFlag()) ;
$theObject->_print("Moved $_ => /tmp/" . basename($_) . "-$theReleaseTagXXX\n", 1) ;
} ;
} ;
$theObject->run("make distclean") ;
for ($theIndex = 0; $theIndex < scalar(@theFileList); $theIndex++)
{
$_ = '/tmp/' . basename($theFileList[$theIndex]) . "-$theReleaseTagXXX" ;
if (-e $_)
{
#
# Restore the current configuration, if any.;

fail perl-snaked-scripts-0.14-alt2.noarch

Found error in /usr/bin/snaked:
$ grep /tmp/ /usr/bin/snaked
# Thu Jun 24 10:29:38 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [24836] requested to restart
# Thu Jun 24 10:29:38 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [24836] stopped
# Thu Jun 24 10:29:54 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [WARN] [29246] snaked is already running: /usr/bin/perl /opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked /opt/home/monitor/ps-snake/etc/ps-farm/options/ps-snaked [24836]
#
# [monitor@orange64 ~]$ uname
# FreeBSD orange64.yandex.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r199991M: Mon Feb 8 12:50:25 MSK 2010 root@distillatory.yandex.ru:/place/tmp/mk_pkg.wG1LSf1f/obj/place/GIT-repos/FreeBSD-7-r199991/sys/PRODUCTION amd64
#
# Proc::ProcessTable 0.54
#
$ENV{'snaked_cleanup_already_running'} = 1;
if ($> eq 0) {
    Yandex::Tools::write_file_scalar($target_dir . "/log", "/var/log/snaked.log\n");
    Yandex::Tools::write_file_scalar($target_dir . "/admin_email", "root\n");
} else {
    Yandex::Tools::write_file_scalar($target_dir . "/log", "/tmp/snaked.log\n");
    Yandex::Tools::write_file_scalar($target_dir . "/admin_email", getpwuid($>) . "\n");
}
File::Path::mkpath($target_dir . "/jobs/every_hour");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_hour/execution_schedule", "0 usr usr usr *\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_hour/cmd", "uptime >> /tmp/snaked_every_hour\n");
chmod(0755, $target_dir . "/jobs/every_hour/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/every_hour/cmd" . "]", {'no_log' => 1});
File::Path::mkpath($target_dir . "/jobs/every_ten_seconds");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_ten_seconds/execution_interval", "10\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_ten_seconds/cmd", "uptime >> /tmp/snaked_every_ten_seconds\nsleep 2\n");
chmod(0755, $target_dir . "/jobs/every_ten_seconds/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/every_ten_seconds/cmd" . "]", {'no_log' => 1});
File::Path::mkpath($target_dir . "/jobs/fast_job");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/execution_interval", "1\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/cmd", "uptime >> /tmp/snaked_fast_job\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/conflicts", "every_ten_seconds\n");
chmod(0755, $target_dir . "/jobs/fast_job/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/fast_job/cmd" . "]", {'no_log' => 1});
print "written sample configuration to: $target_dir\n";
exit(0);;

fail vdrsync-0.1.2.2dev2-alt1_050322.13.noarch

Found error in /usr/bin/vdrsync.pl:
$ grep /tmp/ /usr/bin/vdrsync.pl
}
}
#if ($use_pipe) {
my $timer = 0;
dprint("Checking lock file /tmp/vdrsync_lock_$main_pid\n");
while (-f "/tmp/vdrsync_lock_$main_pid") {
    $timer++;
    sleep 1;
    if ($timer % 5 == 0) {
        print "Waiting for multipex / authoring to finish, then starting $_\n";
    }
    if ($timer > 300) {
        die "Something went very wrong\n";
    }
}
dprint ("lock file /tmp/vdrsync_lock_$main_pid not there\n");
open OFH, ">/tmp/vdrsync_lock_$main_pid" or die "Could not open lockfile: $!\n";
print OFH localtime();
close OFH;
dprint ("lock file /tmp/vdrsync_lock_$main_pid created\n");
#}
if ($use_pipe) {
    @fifo_list = @{ prepare_fifos($_) };
    prepare_forks(@fifo_list);
}
post_process($PES_Obj, \@fifo_list);
$PES_Obj = "";
print("\nFinished processing $_ \n");
$current_title_set++;
if (! $use_pipe) {
    unlink("/tmp/vdrsync_lock_$main_pid");
}
}
my $timer = 0;
dprint ("\nObserving lock file /tmp/vdrsync_lock_$main_pid\n");
while (-f "/tmp/vdrsync_lock_$main_pid") {
    $timer++;
    sleep 1;
    if ($timer % 5 == 0) {
        print "Waiting for multipex / authoring to finish\n";
    }
    if ($timer > 300) {
        die "Something went very wrong\n";
    }
}
dprint ("lock file /tmp/vdrsync_lock_$main_pid gone\n");
if (($use_pipe) && ($master_dvd)) {
    print "Need to finalize the DVD image....\n";
    finalize_dvd_image();
} else {
    print "No need to finish DVD Image, since there is none\n";
--
sub prepare_filters {
#print "$all";
#$audio_filter = " ./thread.pl.old audio%d_fifo ";
if ($use_new_pipe) {
    if ($audio_filter) {
        $audio_filter = " vdrsync_buffer alog_new 2>/dev/null | " . $audio_filter . " > /tmp/audio%d_fifo$main_pid "; #2>/dev/null
    } else {
        $audio_filter = " vdrsync_buffer alog_new > /tmp/audio%d_fifo$main_pid "; #2>/dev/null
    }
    if ($video_filter) {
        $video_filter = " vdrsync_buffer vlog_new 2>/dev/null | " . $video_filter . " > /tmp/video_fifo$main_pid "; #2>/dev/null
    } else {
        $video_filter = " vdrsync_buffer vlog_new > /tmp/video_fifo$main_pid "; #2>/dev/null
    }
    if ($ac3_filter) {
        $ac3_filter = " vdrsync_buffer ac3log_new 2>/dev/null | " . $ac3_filter . " > /tmp/ac3_fifo$main_pid "; # 2> /dev/null
    } else {
        $ac3_filter = " vdrsync_buffer ac3log_new > /tmp/ac3_fifo$main_pid 2>/dev/null "; #2>/dev/null
    }
} else {
    if ($audio_filter) {
        $audio_filter = " vdrsync_buffer.pl STDOUT 2>/dev/null | " . $audio_filter . " > /tmp/audio%d_fifo$main_pid "; #2>/dev/null
    } else {
        $audio_filter = " vdrsync_buffer.pl /tmp/audio%d_fifo$main_pid 2>/dev/null "; #2>/dev/null
    }
    if ($video_filter) {
        $video_filter = " vdrsync_buffer.pl STDOUT 2>/dev/null | " . $video_filter . " > /tmp/video_fifo$main_pid "; #2>/dev/null
    } else {
        $video_filter = " vdrsync_buffer.pl /tmp/video_fifo$main_pid 2>/dev/null"; #2>/dev/null
    }
    if ($ac3_filter) {
        $ac3_filter = " vdrsync_buffer.pl STDOUT 2>/dev/null | " . $ac3_filter . " > /tmp/ac3_fifo$main_pid "; # 2> /dev/null
    } else {
        $ac3_filter = " vdrsync_buffer.pl /tmp/ac3_fifo$main_pid 2>/dev/null "; #2>/dev/null
    }
}
dprint ("$audio_filter\n");
dprint ("$video_filter\n");
dprint ("$ac3_filter\n");
--
#$PES_Info_Obj = "";
my $all = join "", @results;
#print "All is now:\n$all";
if (-e "/tmp/video_fifo$main_pid") {
    system "rm /tmp/video_fifo$main_pid";
    dprint ("deleting video_fifo$main_pid\n");
}
my $result = execute ("mkfifo /tmp/video_fifo$main_pid");
dprint ("Tried to create video fifo with result $result\n");
push @fifo_list, "/tmp/video_fifo$main_pid";
my $stream_id = "bd_Audio_stream=yes";
if (($all =~ /$stream_id/) && (!
$ignore_hash{bd})) {
    dprint("Need to create a fifo for stream $stream_id\n");
    if (-e "/tmp/ac3_fifo$main_pid") {
        system "rm /tmp/ac3_fifo$main_pid";
        dprint ("deleting ac3_fifo$main_pid\n");
    }
    $result = execute ("mkfifo /tmp/ac3_fifo$main_pid");
    dprint ("Tried to create fifo with result $result\n");
    if ($result) {die "FIFO Creation failed\n";}
    push @fifo_list, "/tmp/ac3_fifo$main_pid";
}
for (my $i = 0; $i < 7; $i++) {
    $stream_id = "c$i" . "_Audio_stream=yes";
    my $id = "c$i";
    if ($ignore_hash{$id}) {
        next;
    }
    #print "Testing for stream $stream_id...\n";
    if ($all =~ /$stream_id/ ) {
        if (-e ("/tmp/audio$i" . "_fifo$main_pid")) {
            #if (-e ("./audio" . "_fifo")) {
            system ("rm /tmp/audio$i" . "_fifo$main_pid");
            # print "deleting ./audio$i" . "_fifo\n";
        }
        # print "Need to create a fifo for stream $stream_id\n";
        $result = execute ("mkfifo /tmp/audio$i", "_fifo$main_pid");
        # print "Tried to create fifo with result $result\n";
        push @fifo_list, "/tmp/audio$i". "_fifo$main_pid";
    }
}
foreach (@fifo_list) {
    dprint ("$_ is on the fifo list\n");
--
my $pid;
my @pidlist;
my $target;
if ($master_dvd) {
    $target = "/tmp/remuxfifo$main_pid";
    if (-p "/tmp/remuxfifo$main_pid") {
        dprint ("remuxfifo does exist\n");
    } else {
        my $result = execute ("mkfifo /tmp/remuxfifo$main_pid");
        dprint ("the attempt to create FIFO returned $result\n");
    }
} elsif ($mplex) {
    $target = "$path_param/$basename.mpg";
} else {
--
if ($pid2 = fork) {
    return;
} else {
    add_to_dvd_image($target);
    dprint ("deleting lockfile after dvdauthor finished\n");
    unlink("/tmp/vdrsync_lock_$main_pid");
    exit;
}
}
return;
} else {
print ("Setting up mutliplex process for $main_pid in $$\n");
multiplex($target, \@fifo_list);
if (!
$master_dvd) {
    dprint ("deleting lockfile after mplex finished\n");
    unlink("/tmp/vdrsync_lock_$main_pid");
}
exit;
}
}
--
}
sub compute_info {
    my $counter = 0;
    my $temp_dir = "/tmp/";
    my $total_video = 0;
    my $total_audio = 0;
    (my @ig_list) = (@ignore_list);
    my %ig_hash;
--
}
sub add_to_dvd_image {
    my $remuxfifo = shift || "/tmp/remuxfifo";
    my $timer = 0;
    nprint "\nCreating DVD structure using dvdauthor...using $remuxfifo";
    dprint("Current title set is $current_title_set\n");
--
execute($cmd);
} else {
    nprint "\nCreating table of content...";
    execute(sprintf("%s -T -o \"%s/%s\"", $progs{dvdauthor}, $path_param, $basename));
    unlink("/tmp/remuxfifo");
    sleep 1;
}
}
sub create_dvd_image {
--
print "Start dvdimage creation\n";
#my $mplex_command = shift;
my @files_to_mux = @{ shift @_ };
my $pid;
if (-p "/tmp/remuxfifo$main_pid") {
    print "remuxfifo$main_pid does exist\n";
} else {
    my $result = execute "mkfifo /tmp/remuxfifo$main_pid";
    dprint "the attempt to create FIFO returnd $result\n";
}
if ($pid = fork) {
    #nprint "Creating DVD structure using dvdauthor...";
    add_to_dvd_image("/tmp/remuxfifo$main_pid");
    finalize_dvd_image();
    #execute(
    # sprintf("%s -v %s %s -c %s -o \"%s/%s\" /tmp/remuxfifo",
    # $progs{dvdauthor},
    ## $asp_ratio,
    # $master_dvd_param,
    # dvdauthor_length(),
    # $path_param,
--
# )
#);
#nprint "Creating table of content...";
#execute(sprintf("%s -T -o \"%s/%s\"", $progs{dvdauthor}, $path_param, $basename));
#unlink("/tmp/remuxfifo");
#sleep 1;
} else {
    dprint "mplexing file to fifo\n";
    multiplex("/tmp/remuxfifo$main_pid", \@files_to_mux);
    #dprint "should execute $mplex_command and put it to the fifo\n";
    #$mplex_command .= " -o /tmp/remuxfifo";
    #dprint "now the command is $mplex_command\n";
    #nprint "Multiplexing streams for dvdauthor...";
    #execute $mplex_command;
    print "finished mplexing\n";
    die "The multiplex fork has finished\n";
--
current_offset => "",
},
debug => 0,
create_index => "/usr/bin/create_indexvdr.pl",
debug_log =>"/tmp/vdrrecording.debug",
@_,
};
return bless $self, $class;
}
sub verify_chapter_marks {;

fail wmspaceweather-1.04-alt1_16.x86_64

Found error in /usr/bin/GetKp:
$ grep /tmp/ /usr/bin/GetKp
use POSIX ();
($Year, $Month, $Day) = &year_month_day();
if (-e "/tmp/DGD.txt"){
    unlink("/tmp/DGD.txt");
}
if (-e "/tmp/curind.txt"){
    unlink("/tmp/curind.txt");
}
$grabcmd = "cd /tmp; wget 2 ftp://ftp.swpc.noaa.gov/pub/indices/DGD.txt";
system "$grabcmd";
$Kp{190001016} = 999;
$Kp{190001017} = 999;
$Kp{190001018} = 999;
open(TmpFile, "/tmp/DGD.txt");
while (<TmpFile>){
    chop;
    if ($_ =~ /^\d{4} \d{2} \d{2}\s*\d*/ ){
        $Date = $_;
--
$grabcmd = "cd /tmp; wget --passive-ftp --tries 2 -q ftp://ftp.swpc.noaa.gov/pub/latest/curind.txt";
system "$grabcmd";
%lmonstr = ( "Jan", 1, "Feb", 2, "Mar", 3, "Apr", 4, "May", 5, "Jun", 6, "Jul", 7, "Aug", 8, "Sep", 9, "Oct", 10, "Nov", 11, "Dec", 12);
@lval = ($lyear, $lmonstr{$lmon}, $ldom);
open(TmpFile, "/tmp/curind.txt");
$count = 10;
while (<TmpFile>){
    chop;
    if ($_ =~ /^:Geomagnetic_Values: (\d{4}) (.*) (\d{1,2})/){
        $y = $_;
--
$Result{$key} = $Kp{$key};
++$n;
}
}
open(TmpFile, ">/tmp/LatestKp.txt");
foreach $key (sort keys %Result ) {
    if ($Result{$key} > 10) {
        $Result{$key} = -1;
    }
    printf TmpFile "$key $Result{$key}\n";
}
--
#
# $Gif = "$List[$#List]";
# $Latest = "http://swdcdb.kugi.kyoto-u.ac.jp/dstdir/dst1/q/$Gif";
#
#
# $grabcmd = "/u/mgh/wwwgrab/wwwgrab $Latest /n/tmp/polar/$Gif";
# system "$grabcmd";
#
#
# system "convert -crop 0x0 /n/tmp/polar/${Gif} /n/tmp/polar/Dst.rle";
# system "fant -s .5 .5 -o /n/tmp/polar/Dst2.rle /n/tmp/polar/Dst.rle";
# system "convert -frame 4x4 -gamma 3 -crop 0x0 -colors 256 /n/tmp/polar/Dst2.rle /n/leadbelly/belly3/PolarNRT/CEPPAD/IPS/LatestDst.gif";
#
#
#
#
#;

info perl-GRID-Machine-0.127-alt5.noarch

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/syntaxerr.pl:
$ grep /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/syntaxerr.pl
my $remote_uname = $machine->eval( "uname()" )->results;
print "@$remote_uname\n";
# We can pass arguments
$machine->eval( q{
    open FILE, '> /tmp/foo.txt';
    print FILE shift;
    close FILE;
  },
  "Hello, world!"
);
read_all => q{
#line 25 err1.pl
    my $filename = shift;
    my $FILE;
    local $/ ) undef; # line X1 <-- error!!!
open $FILE, "< /tmp/foo.txt";
$_ = <$FILE>;
close $FILE;
return $_;
},
);
die $result->errmsg unless $result->type eq 'OK';
my @files = $machine->eval('glob("/tmp/*.txt")');
foreach my $file ( @files ) {
    # Remote call: an GRID::Machine::Result object is returned
    my $content = $machine->read_all($file )->result;
    print "$content\n";
}

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/pruebaetsii.pl:
$ grep -A5 -B5 /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/pruebaetsii.pl
$ips->eval( "use POSIX qw( uname )" );
my @remote_uname = $ips->eval( "uname()" );
print "@remote_uname\n";
# We can pass arguments
$ips->eval(
  "open FILE, '> /tmp/foo.txt'; print FILE shift; close FILE;",
  "Hello, world!"
);
# We can pre-compile stored procedures
$ips->store( "slurp_file", <<'EOS'
my $filename = shift;
my $FILE;
local $/ = undef;
open $FILE, "< /tmp/foo.txt";
$_ = <$FILE>;
close $FILE;
return $_;
EOS
);
my @files = $ips->eval('glob("/tmp/*.txt")');
foreach my $file ( @files ) {
    print "$file:\n**************\n";
    my $content = $ips->call( "slurp_file", $file );
    print "$content\n";
}

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/pruebacommandarray.pl:
$ grep -A5 -B5 /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/pruebacommandarray.pl
$ips->eval( "use POSIX qw( uname )" );
my @remote_uname = $ips->eval( "uname()" );
print "@remote_uname\n";
# We can pass arguments
$ips->eval(
  "open FILE, '> /tmp/foo.txt'; print FILE shift; close FILE;",
  "Hello, world!"
);
# We can pre-compile stored procedures
$ips->store( "slurp_file", <<'EOS'
my $filename = shift;
my $FILE;
local $/ = undef;
open $FILE, "< /tmp/foo.txt";
$_ = <$FILE>;
close $FILE;
return $_;
EOS
);
my @files = $ips->eval('glob("/tmp/*.txt")');
foreach my $file ( @files ) {
    my $content = $ips->call( "slurp_file", $file );
    print "$content\n";
}

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/pruebacommand.pl:
$ grep -A5 -B5 /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/pruebacommand.pl
$ips->eval( "use POSIX qw( uname )" );
my @remote_uname = $ips->eval( "uname()" );
print "@remote_uname\n";
# We can pass arguments
$ips->eval(
  "open FILE, '> /tmp/foo.txt'; print FILE shift; close FILE;",
  "Hello, world!"
);
$ips->eval('use vars qw($c $f %d)');
$ips->eval('$a = [4..9]; $c = {a=>1, b=>2}; %d = (d=>9, e=>11)');
--
# We can pre-compile stored procedures
$ips->store( "slurp_file", <<'EOS'
my $filename = shift;
my $FILE;
local $/ = undef;
open $FILE, "< /tmp/foo.txt";
$_ = <$FILE>;
close $FILE;
return $_;
EOS
);
--
#print $ips->dump('$f');
my $f = $ips->eval('Mipaquete::triple(4)');
print "triple de 4: $f\n";
my @files = $ips->eval('glob("/tmp/*.txt")');
foreach my $file ( @files ) {
    my $content = $ips->call( "slurp_file", $file );
    print "$file:\n********************\n$content\n";
}

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/prueba.pl:
$ grep -A5 -B5 /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/prueba.pl
my $remote_uname = $m->eval( "uname()" )->results;
print "@$remote_uname\n";
# We can pass arguments
$m->eval( q{
    open FILE, '> /tmp/foo.txt';
    print FILE shift;
    close FILE;
  },
  "Hello, world!"
);
--
# We can pre-compile stored procedures
$m->compile( slurp_file => q{
    my $filename = shift;
    my $FILE;
    local $/ = undef;
    open $FILE, "< /tmp/foo.txt";
    $_ = <$FILE>;
    close $FILE;
    return $_;
  }
);
my @files = $m->eval('glob("/tmp/*.txt")');
foreach my $file ( @files ) {
    my $content = $m->call( "slurp_file", $file );
    print $content->result."\n";
}

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/pipes.pl:
$ grep -A5 -B5 /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/pipes.pl
my $machine = shift || 'orion.pcg.ull.es';
my $m = GRID::Machine->new( host => $machine );
my $i;
my $f = $m->open('| sort -n > /tmp/sorted.txt');
for($i=10; $i>=0;$i--) {
    $f->print("$i\n")
}
$f->close();
my $g = $m->open('/tmp/sorted.txt');
print while <$g>;

Found error in /usr/share/doc/perl-GRID-Machine-0.127/examples/bind.pl:
$ grep -A5 -B5 /tmp/ /usr/share/doc/perl-GRID-Machine-0.127/examples/bind.pl
my $remote_uname = $machine->eval( "uname()" )->results;
print "@$remote_uname\n";
# We can pass arguments
$machine->eval( q{
    open FILE, '> /tmp/foo.txt';
    print FILE shift;
    close FILE;
  },
  "Hello, world!"
);
--
read_all => q{
#line __LINE__ __FILE__
my $filename = shift;
my $FILE;
local $/ = undef;
open $FILE, "< /tmp/foo.txt";
$_ = <$FILE>;
close $FILE;
return $_;
},
);
my @files = $machine->eval('glob("/tmp/*.txt")');
foreach my $file ( @files ) {
    # Remote call: an GRID::Machine::Result object is returned
    my $content = $machine->read_all($file )->result;
    print "$content\n";
};

info perl-Image-ParseGIF-0.2-alt1.noarch
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest.
$TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.

Found error in /usr/share/doc/perl-Image-ParseGIF-0.2/examples/main.cgi:
$ grep /tmp/ /usr/share/doc/perl-Image-ParseGIF-0.2/examples/main.cgi
if ($key eq '') # new request, send status page, and write progress to pipe
{
    $key = 3; #URI::Escape::uri_escape(rand(1<<31));
    # create a named pipe with which to talk to the status script
    system('mkfifo', "/tmp/status.$key");
    $SIG{PIPE} = 'IGNORE'; # should check $! (== EPIPE) after writes
    print join("\n", (
        "Expires: 0",
        "Pragma: no-cache",
        "",
        "

", # 'flush' the last paragraph
    ));
    # open for reading as well as writing to avoid blocking
    open(STATUS, "+>/tmp/status.$key");
    select(STATUS);
    $| = 1;
    flock(STATUS, LOCK_EX); # block the 'Done' step till we are done (below)
    my $steps = 10;
--
else
{
    print "Content-type: text/html\n\n";
    # wait till the work is done
    open(STATUS, "+>/tmp/status.$key"); # just to get a lock
    unless (flock(STATUS, LOCK_SH|LOCK_NB))
    {
        print "waiting for request to complete...

\n";
        flock(STATUS, LOCK_SH);
    }
    close(STATUS);
    unlink ("/tmp/status.$key");
    print "Done.\n";
};