|
netdata-1.43.2-alt3.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/netdata/plugins.d/health-cmdapi-test.sh: $ grep /tmp/ /usr/lib/netdata/plugins.d/health-cmdapi-test.sh d['alarms']['system.cpu.10min_cpu_iowait']['silenced'], \ d['alarms']['system.load.load_trigger']['disabled'], \ d['alarms']['system.load.load_trigger']['silenced'], \ );" 2>&1) if [ $? 0 ] ; then echo " ${RED}ERROR: Unexpected response stored in /tmp/resp-$number.json" echo "$resp" > /tmp/resp-$number.json err=$((err+1)) iter=0 elif [ "${r}" != "${2}" ] ; then echo " ${GRAY}WARNING: 'Got ${r}'. Expected '${2}'" iter=$((iter+1)) |