Repocop reports by srpm

  rpm id test status message
gem-train-3.1.1-alt1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gems/2.5.0/gems/train-3.1.1/test/integration/bootstrap.sh: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/train-3.1.1/test/integration/bootstrap.sh #!/bin/sh test ! -e /tmp/folder && \ mkdir /tmp/folder chmod 0567 /tmp/folder echo -n 'hello world' > /tmp/file test ! -e /tmp/symlink && \ ln -s /tmp/file /tmp/symlink chmod 0777 /tmp/symlink chmod 0765 /tmp/file echo -n 'hello suid/sgid/sticky' > /tmp/sfile chmod 7765 /tmp/sfile echo -n 'hello space' > /tmp/spaced\ file test ! -e /tmp/pipe && \ mkfifo /tmp/pipe test ! -e /tmp/block_device && \ mknod /tmp/block_device b 7 7 chmod 0666 /tmp/block_device
gem-train-core-3.1.1-alt1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gems/2.5.0/gems/train-core-3.1.1/test/integration/bootstrap.sh: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/train-core-3.1.1/test/integration/bootstrap.sh #!/bin/sh test ! -e /tmp/folder && \ mkdir /tmp/folder chmod 0567 /tmp/folder echo -n 'hello world' > /tmp/file test ! -e /tmp/symlink && \ ln -s /tmp/file /tmp/symlink chmod 0777 /tmp/symlink chmod 0765 /tmp/file echo -n 'hello suid/sgid/sticky' > /tmp/sfile chmod 7765 /tmp/sfile echo -n 'hello space' > /tmp/spaced\ file test ! -e /tmp/pipe && \ mkfifo /tmp/pipe test ! -e /tmp/block_device && \ mknod /tmp/block_device b 7 7 chmod 0666 /tmp/block_device

generated by repocop at Sun Feb 16 04:44:47 2020