gem-ruby-libvirt-0.8.3-alt1.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb <volume> <name>test.img</name> <allocation>0</allocation> <capacity unit="G">1</capacity> <target> <path>/tmp/rb-libvirt-test/test.img</path> </target> </volume> EOF new_storage_vol_xml_2 = <<EOF <volume> <name>test2.img</name> <allocation>0</allocation> <capacity unit="G">5</capacity> <target> <path>/tmp/rb-libvirt-test/test2.img</path> </target> </volume> EOF # TESTGROUP: vol.pool expect_invalid_arg_type(newpool, "delete", 'foo') expect_success(newpool, "no args", "delete") if !test_default_uri? `mkdir -p /tmp/rb-libvirt-test` end newpool.undefine if !test_default_uri? Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb # etc. See https://libvirt.org/formatstorage.html for more details require 'libvirt' # a directory storage pool. This will be a pool with the name # 'ruby-libvirt-tester' with the pool itself in /tmp/ruby-libvirt-tester storage_pool_xml = <<EOF <pool type="dir"> <name>ruby-libvirt-tester</name> <uuid>33a5c045-645a-2c00-e56b-927cdf34e17a</uuid> <target> <path>/tmp/ruby-libvirt-tester</path> </target> </pool> EOF # a storage volume. This will have name test.img, with capacity of 1GB -- <volume> <name>test.img</name> <allocation>0</allocation> <capacity unit="G">1</capacity> <target> <path>/tmp/ruby-libvirt-tester/test.img</path> </target> </volume> EOF # open up the connection to libvirt; 
