|
lz11-V2-1.2-alt1.qa2.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/lz11.stopjobs: $ grep /tmp/ /usr/bin/lz11.stopjobs if [ "${pids}" ] ; then exit 0 fi echo "${pids}" > /tmp/lz11.terminate waitcounts=30 echo echo echo "removing all active printer jobs for " echo " etc usr with PIDS ${pids}" if [ ${nonefound} == 1 ] ; then i=${waitcounts} echo -n " STOPPED!" fi done rm -f /tmp/lz11.terminate echo if [ ${nonefound} = 0 ] ; then echo "The program could not stop the prints safely." echo "Just killing the print processes now!" echo Found error in /usr/bin/lz11.foomatic: $ grep -A5 -B5 /tmp/ /usr/bin/lz11.foomatic $debug = 1; local *ERR; if ($debug) { open(ERR,">>/tmp/lz11err"); print ERR "-----------\n"; print ERR "@ARGV\n"; } else { open(ERR, ">&STDERR"); } -- # ---------------------------------------------------------- # cZ11 command line # ---------------------------------------------------------- $cz11 = "cZ11-V2 $devicez11 $sizez11 $adjustz11"; if ( $cancel == 1 ) { $cz11 = "$cz11"." --terminate=/tmp/lz11.terminate"; } elsif ( $cancel ) { $cz11 = "$cz11"." --terminate-eject=/tmp/lz11.terminate"; } $cz11 = "$cz11"." 2>>/tmp/lz11err"; # ---------------------------------------------------------- # Do it! # ---------------------------------------------------------- $invokation = "$gs -q -dBATCH -dSAFER -dNOPAUSE $devicegs $ditherppi $resgs $sizegs -sOutputFile=- - | $cz11"; if ($debug) { print ERR "$invokation \n"; } system("$invokation"); system("chmod a+rw /tmp/lz11*"); close(ERR); |