fail GMT-common-6.4.0-alt1_10.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/gmt/tools/gmt_prepmex.sh: $ grep /tmp/ /usr/share/gmt/tools/gmt_prepmex.sh # First get a reliable absolute path to the bundle's top directory pushd $(dirname $0) > /dev/null BUNDLEDIR=$(pwd | sed sB/Contents/Resources/share/toolsBBg) popd > /dev/null # Set path to the new gmt installation MEXGMT5DIR=/tmp/$$/gmt # Set path to additional subdirectories MEXLIBDIR=$MEXGMT5DIR/lib MEXINCDIR=$MEXGMT5DIR/include MEXSHADIR=$MEXGMT5DIR/share MEXBINDIR=$MEXGMT5DIR/bin cp -r etc usr $MEXBINDIR # Now copy the lib files printf "gmt_prepmex.sh: Copy and rename libraries\n" >&2 cd $BUNDLEDIR/Contents/Resources/lib # Find a list of all libs shipped with the OSX bundle, except our own: ls *.dylib | egrep -v 'libgmt.dylib|libpostscriptlight.dylib' > /tmp/l.lis # For each, duplicate into /opt/gmt but add a leading X to each name while read lib; do new=$(echo $lib | awk '{printf "libX%s\n", substr($1,4)}') cp $lib $MEXLIBDIR/$new done < /tmp/l.lis # Copy the supplement shared plugin cp gmt/plugins/supplements.so $MEXLIBDIR/gmt/plugins cd $MEXLIBDIR ls *.dylib > /tmp/l.lis printf "gmt_prepmex.sh: Rebaptize libraries\n" >&2 # For all libs in $MEXLIBDIR, change internal references to contain the leading "X" while read lib; do otool -L $lib | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') if [ $k -eq 1 ]; then # Do the id change was=$(echo $lib | awk -F/ '{print substr($1,4)}') install_name_tool -id /opt/gmt/lib/$new $lib else install_name_tool -change $old /opt/gmt/lib/$new $lib fi let k=k+1 done < /tmp/t.lis done < /tmp/l.lis # Set links to the new libs ln -s libXgmt.dylib libgmt.dylib ln -s libXpostscriptlight.dylib libpostscriptlight.dylib ln -s libXgmt.6.dylib libXgmt.dylib ln -s libXpostscriptlight.6.dylib libXpostscriptlight.dylib -- fi fi # Do plugin supplement separately since not called lib* cd gmt/plugins otool -L supplements.so | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') install_name_tool -change $old /opt/gmt/lib/$new supplements.so let k=k+1 done < /tmp/t.lis # Do bin dir cd $MEXBINDIR otool -L gmt | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') install_name_tool -change $old /opt/gmt/lib/$new gmt let k=k+1 done < /tmp/t.lis chmod -R ugo+r $MEXGMT5DIR printf "gmt_prepmex.sh: Install /opt/gmt\n" >&2 sudo cp -fpR $MEXGMT5DIR /opt rm -rf /tmp/$$ cd $here version=$(/opt/gmt/bin/gmt-config --version) # Report cat << EOF >&2 gmt_prepmex.sh: Made updated GMT $version installation in /opt/gmt; fail alterator-deploy-0.1.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/deploy: $ grep /tmp/ /usr/lib/alterator/backend3/deploy ;; esac ;; write) case "${in__objects##*/}" in set) echo "Role: ${in_role:?}" >> /tmp/out echo "Parameter: ${in_parameter:?}" >> /tmp/out echo "Value: ${in_value:?}" >> /tmp/out set_parameter "${in_role:?}" "${in_parameter:?}" "${in_value?}" ;; reset) reset_parameter "${in_role:?}" "${in_parameter:?}" ;;; fail alterator-mass-management-0.1.7-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/mass-management: $ grep /tmp/ /usr/lib/alterator/backend3/mass-management mkdir "$TASKS_DIR/task-$number" cat >"$TASKS_DIR/task-$number.yml" <> /tmp/mode.log echo "$(set|grep -a "in_")" >> /tmp/mode.log case "$in_action" in type) write_type_item hostlist hostname-list #write_type_item add_host hostname ;;; fail alterator-net-domain-0.7.3-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/net-domain: $ grep /tmp/ /usr/lib/alterator/backend3/net-domain ## https://www.altlinux.org/ActiveDirectory/DC ad_provision_domain() { local domain_name="$1" shift local log="/tmp/samba-dc-provision-$(date +%d.%m.%Y-%H:%M:%S)-$domain_name.log" # Begin log date > "$log" echo "Domain: $domain_name" >> "$log" echo >> "$log" if [ "$in_domain_type" = 'ad' ]; then if ipa_install_running; then ipa_install_stop fi env > /tmp/net-domain.txt ad_current_domain="$($samba_tool domain info '127.0.0.1' | sed 's/ *: /:/' | sed -n 's/^Domain://p')" # Check creation of existing domain if [ "$ad_current_domain" != "$in_domain" ]; then write_domain "$in_domain" "1"; fail bacula13-director-common-13.0.4-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula13-director-common-13.0.4/updatedb/update_mysql_tables_11_to_12: $ grep /tmp/ /usr/share/doc/bacula13-director-common-13.0.4/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* ${db_name} "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed 's/^VersionId: \(.*\)$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula13-director-mysql-13.0.4-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS ${db_name} "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed 's/^VersionId: \(.*\)$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail dracut-103-alt1.x86_64 0755 fail dracut-live-103-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ /tmp/liveupdates.done ]' > "$hookdir"/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return liveurl="${liveurl#live:}" Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" sleep "$SLEEP" fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? if [ "${imgfile##*.}" = "iso" ]; then root=$(losetup -f) losetup "$root" "$imgfile" Found error in /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh #!/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/create-overlay.$$.out exec 2>> /tmp/create-overlay.$$.out set -x fi gatherData() { overlay=$(getarg rd.live.overlay) Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-"${_name}" ] && continue : > /tmp/isoscan-"${_name}" mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" udevadm trigger --action=add > /dev/null 2>&1 ln -s "$dev" /run/initramfs/isoscandev Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive > /dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; fail dracut-network-manager-103-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/*; do [ "$_i" ] || continue state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)" grep '^connection-uuid=' "$state" 2> /dev/null || continue ifname="${_i##*/}" dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts source_hook initqueue/online "$ifname" /sbin/netroot "$ifname" done : > /tmp/nm.done; fail emacspeak-58.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/emacs/site-lisp/emacspeak/servers/log-espeak: $ grep /tmp/ /usr/share/emacs/site-lisp/emacspeak/servers/log-espeak #!/bin/sh LOG=/tmp/espeak-$$.log tee $LOG | `dirname $0`/espeak 2>&1 | tee /tmp/espeak-out-$$.log; fail foo2zjs-20200207-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/foo2hbpl2-wrapper: $ grep /tmp/ /usr/bin/foo2hbpl2-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head 10000 $TMPFILE \ case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE= -- # CRD GAMMAFILE="" GAMMAFILE="$GAMMAFILE $CRDBASE/${model}cms" GAMMAFILE="$GAMMAFILE $CRDBASE/$SCREEN" # Black text... TMPFILE2=/tmp/black$$ cat $CRDBASE/black-text.ps - >$TMPFILE2 exec <$TMPFILE2 ;; *.crd) GAMMAFILE="$CRDBASE/prolog.ps" Found error in /usr/bin/foo2ddst-wrapper: $ grep -A5 -B5 /tmp/ /usr/bin/foo2ddst-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head -n 10000 $TMPFILE \ -- case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE=; fail gem-aliyun-sdk-0.8.0-alt1.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/object.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/object.rb end # 上传一个文件 # 断点续传请参考:examples/resumable_upload.rb demo "Put object from local file" do File.open('/tmp/x', 'w'){ |f| f.write("hello world\n") } bucket.put_object('files/world', :file => '/tmp/x') puts "Put object: files/world" end # 创建一个Appendable object demo "Create appendable object" do puts "Total size: #{total_size}" end # 下载一个object:下载到文件中 demo "Get object to local file" do bucket.get_object('files/hello', :file => '/tmp/hello') puts "Get object: files/hello => /tmp/hello" end # 删除一个object demo "Delete object" do bucket.delete_object('files/world') -- :metas => {'year' => '2015', 'people' => 'mary'} ) do |content| content << 'hello world.' end o = bucket.get_object('files/hello', :file => '/tmp/x') puts "Object metas: #{o.metas}" end # 修改Object metas demo "Update object metas" do Found error in /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/resumable_download.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/resumable_download.rb puts end demo "Resumable download" do # 下载一个100M的文件 cpt_file = '/tmp/y.cpt' File.delete(cpt_file) if File.exist?(cpt_file) start = Time.now puts "Start download: resumable => /tmp/y" bucket.resumable_download( 'resumable', '/tmp/y', :cpt_file => cpt_file) do |progress| puts "Progress: #{(progress usr 100).round(2)} %" end puts "Download complete. Cost: #{Time.now - start} seconds." # 测试方法:; fail gem-foreman-hooks-0.3.17-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/foreman_hooks-0.3.17/examples/bash/log.sh: $ grep /tmp/ /usr/lib/ruby/gemie/gems/foreman_hooks-0.3.17/examples/bash/log.sh # Example of using hook_data to query the JSON representation of the object # passed by foreman_hooks. `cat $HOOK_OBJECT_FILE` to see the contents. hostname=$(hook_data host.name) echo "$(date): received ${event} on ${object}" >> /tmp/hook.log # exit code is important on orchestration tasks exit 0; fail gem-ruby-libvirt-0.8.3-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb test.img 0 1 /tmp/rb-libvirt-test/test.img EOF new_storage_vol_xml_2 = < test2.img 0 5 /tmp/rb-libvirt-test/test2.img EOF # TESTGROUP: vol.pool expect_invalid_arg_type(newpool, "delete", 'foo') expect_success(newpool, "no args", "delete") if !test_default_uri? `mkdir -p /tmp/rb-libvirt-test` end newpool.undefine if !test_default_uri? Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb # etc. See https://libvirt.org/formatstorage.html for more details require 'libvirt' # a directory storage pool. This will be a pool with the name # 'ruby-libvirt-tester' with the pool itself in /tmp/ruby-libvirt-tester storage_pool_xml = < ruby-libvirt-tester 33a5c045-645a-2c00-e56b-927cdf34e17a /tmp/ruby-libvirt-tester EOF # a storage volume. This will have name test.img, with capacity of 1GB -- test.img 0 1 /tmp/ruby-libvirt-tester/test.img EOF # open up the connection to libvirt; fail gnormalize-0.63-alt1.qa1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/gnormalize: $ grep /tmp/ /usr/bin/gnormalize if ($show_cdplayer_skin and defined $window_cd_player){ # with skin_xTunes $widget->set_size_request (225, 90); # set a minimum size: (width,height) ; skin_xTunes #(pixmap, mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($drawable, $transparent_color, $filename) #($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($widget->window, undef, '/tmp/skin_xTunes.xpm'); ($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm_d($widget->window, undef, @skin_xTunes); #my $pixmap_widget = Gtk2::Image->new_from_pixmap ($gdkpixmap, $mask); $window_cd_player->shape_combine_mask( $pixmap_mask, 0, 0 ) if not $window_cd_player->get_decorated; ###----------- add files to treeview --------------### sub sort_full_path_names{ my @array = @_; # For example: # $array[0] = '/tmp/teste/teste4/mus.mp3' # $array[1] = '/tmp/teste/teste2/teste4/mus.mp3' # $array[2] = '/tmp/mus.mp3' # First, sort this array in ascending order by number of '/' character. # Then, sort in case-insensitively mode. # sort case-insensitively : @articles = sort {uc($a) cmp uc($b)} @files; (see man perlfunc) # multiple comparisons in the routine and separate them with ||. # See Perl Cookbook, 2nd Edition. Chap. 4.16; 10.18 for help; #my $teste = '/tmp/teste/teste2/teste4/mus.mp3'; $teste =~ s/[^\/]//g; print "teste = $teste\n"; # output: teste = ///// # first compare the number of directory character '/'. sub compare_dir { (my $temp1 = $a) =~ s/[^\/]//g; # remove all character but '/' (my $temp2 = $b) =~ s/[^\/]//g; -- #This file 100% done All files 99% done # WaveGain Processing completed normally # No Title Gain adjustment or DC Offset correction required for file: # Error renaming '/tmp/wavegain.tmp' to '04.wav' (uh-oh) # Error processing GAIN for file - 04.wav #print "--> $_\n"; if ( $_ =~ /^\s+Applying Gain of ([-+]\d+[.,]\d+) dB to file:/ ){ $adjust = $1; } -- # leave room for WAV header (44 bytes) #seek WAV, 44, 0; #print "cdrom_rip = $cdrom_rip; value = $$addr[0]; addr = $addr; startframe = $startframe\n"; open WAV, ">/tmp/track${track}.wav" or die $!; binmode WAV; #print WAV $cdrom_rip; for (my $i=0;$i<2352;$i++){ print WAV $buf[$i]; } #syswrite(WAV, $buffer, 2352 );; fail imapsync-2.229-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/imapsync: $ grep /tmp/ /usr/bin/imapsync How do you know the sync is finished and well done? When imapsync ends by itself it mentions it with lines like those: Exiting with return value 0 (EX_OK: successful termination) 0/50 nb_errors/max_errors PID 301 Removing pidfile /tmp/imapsync.pid Log file is LOG_imapsync/2020_11_17_15_59_22_761_test1_test2.txt ( to change it, use filepath ; or use to turn off logging ) If you don't have those lines it means that either the sync process is still running (or eventually hanging indefinitely) or that it ended without a whisper, a strong kill on Linux for example. Readonly my $TRUE => 1 ; Readonly my $FALSE => 0 ; Readonly my $LAST_RESSORT_SEPARATOR => q{/} ; Readonly my $CGI_TMPDIR_TOP => '/var/tmp/imapsync_cgi' ; Readonly my $CGI_HASHFILE => '/var/tmp/imapsync_hash' ; Readonly my $UMASK_PARANO => '0077' ; Readonly my $STR_use_releasecheck => q{Check if a new imapsync release is available by adding --releasecheck} ; Readonly my $GMAIL_MAXSIZE => 35_651_584 ; -- output( $mysync, "No log by default in Docker context. Use --log to trigger logging to the logfile.\n" ) ; $mysync->{ log } = 0 ; } # In case something is written relatively to . my $tmp_dir = "/var/tmp/uid_$EFFECTIVE_USER_ID" ; mkpath( $tmp_dir ) ; # silly? No. it is for imapsync --version being ok. do_valid_directory( $tmp_dir ) ; output( $mysync, "Changing current directory to $tmp_dir\n" ) ; chdir $tmp_dir ; -- is( undef, loglogfile( $mysync ), 'loglogfile: undef => undef' ) ; $mysync->{ loglogfile } = 1 ; $mysync->{ log } = 1 ; is( undef, loglogfile( $mysync ), 'loglogfile: no logfile => undef' ) ; $mysync->{ logfile } = "logfile.txt" ; $mysync->{ loglogfilename } = "W/tmp/tests/list_all_logs_auto.txt" ; like( loglogfile( $mysync ), qr{logfile.txt}xms, 'loglogfile: logfile=logfile.txt => ' ) ; note( 'Leaving tests_loglogfile()' ) ; return ; } -- SKIP: { if ( 'MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) { skip( 'Tests only for non-root Unix', 1 ) ; } $mysync->{ hashfile } = '/rrr' ; is( undef, hashsynclocal( $mysync ), 'hashsynclocal: permission denied' ) ; } ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'hashsynclocal: mkpath W/tmp/tests/' ) ; $mysync->{ hashfile } = 'W/tmp/tests/imapsync_hash' ; ok( ! -e 'W/tmp/tests/imapsync_hash' || unlink 'W/tmp/tests/imapsync_hash', 'hashsynclocal: unlink W/tmp/tests/imapsync_hash' ) ; ok( ! -e 'W/tmp/tests/imapsync_hash', 'hashsynclocal: verify there is no W/tmp/tests/imapsync_hash' ) ; is( 'ecdeb4ede672794d173da4e08c52b8ee19b7d252', hashsynclocal( $mysync, 'mukksyhpmbixkxkpjlqivmlqsulpictj' ), 'hashsynclocal: creating/reading W/tmp/tests/imapsync_hash' ) ; # A second time now is( 'ecdeb4ede672794d173da4e08c52b8ee19b7d252', hashsynclocal( $mysync ), 'hashsynclocal: reading W/tmp/tests/imapsync_hash second time => same' ) ; note( 'Leaving tests_hashsynclocal()' ) ; return ; } -- sub tests_do_valid_directory { note( 'Entering tests_do_valid_directory()' ) ; is( 1, do_valid_directory( '.'), 'do_valid_directory: . good' ) ; is( 1, do_valid_directory( './W/tmp/tests/valid/sub'), 'do_valid_directory: ./W/tmp/tests/valid/sub good' ) ; Readonly my $NB_UNIX_tests_do_valid_directory_non_root => 2 ; diag( "OSNAME=$OSNAME EFFECTIVE_USER_ID=$EFFECTIVE_USER_ID" ) ; SKIP: { -- sub tests_remove_pidfile_not_running { note( 'Entering tests_remove_pidfile_not_running()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'remove_pidfile_not_running: mkpath W/tmp/tests/' ) ; is( undef, remove_pidfile_not_running( ), 'remove_pidfile_not_running: no args => undef' ) ; is( undef, remove_pidfile_not_running( './W' ), 'remove_pidfile_not_running: a dir => undef' ) ; is( undef, remove_pidfile_not_running( 'noexists' ), 'remove_pidfile_not_running: noexists => undef' ) ; is( 1, touch( 'W/tmp/tests/empty.pid' ), 'remove_pidfile_not_running: prepa empty W/tmp/tests/empty.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/empty.pid' ), 'remove_pidfile_not_running: W/tmp/tests/empty.pid => undef' ) ; is( 'lalala', string_to_file( 'lalala', 'W/tmp/tests/lalala.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/lalala.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/lalala.pid' ), 'remove_pidfile_not_running: W/tmp/tests/lalala.pid => undef' ) ; is( '55555', string_to_file( '55555', 'W/tmp/tests/notrunning.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/notrunning.pid' ) ; is( 1, remove_pidfile_not_running( 'W/tmp/tests/notrunning.pid' ), 'remove_pidfile_not_running: W/tmp/tests/notrunning.pid => 1' ) ; is( $PROCESS_ID, string_to_file( $PROCESS_ID, 'W/tmp/tests/running.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/running.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/running.pid' ), 'remove_pidfile_not_running: W/tmp/tests/running.pid => undef' ) ; note( 'Leaving tests_remove_pidfile_not_running()' ) ; return ; } -- sub tests_tail { note( 'Entering tests_tail()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'tail: mkpath W/tmp/tests/' ) ; ok( ( ! -e 'W/tmp/tests/tail.pid' || unlink 'W/tmp/tests/tail.pid' ), 'tail: unlink W/tmp/tests/tail.pid' ) ; ok( ( ! -e 'W/tmp/tests/tail.txt' || unlink 'W/tmp/tests/tail.txt' ), 'tail: unlink W/tmp/tests/tail.txt' ) ; is( undef, tail( ), 'tail: no args => undef' ) ; my $mysync ; is( undef, tail( $mysync ), 'tail: no pidfile => undef' ) ; $mysync->{pidfile} = 'W/tmp/tests/tail.pid' ; is( undef, tail( $mysync ), 'tail: no pidfilelocking => undef' ) ; $mysync->{pidfilelocking} = 1 ; is( undef, tail( $mysync ), 'tail: pidfile no exists => undef' ) ; my $pidandlog = "33333\nW/tmp/tests/tail.txt\n" ; is( $pidandlog, string_to_file( $pidandlog, $mysync->{pidfile} ), 'tail: put pid 33333 and tail.txt in pidfile' ) ; is( undef, tail( $mysync ), 'tail: logfile to tail no exists => undef' ) ; my $tailcontent = "L1\nL2\nL3\nL4\nL5\n" ; is( $tailcontent, string_to_file( $tailcontent, 'W/tmp/tests/tail.txt' ), 'tail: put L1\nL2\nL3\nL4\nL5\n in W/tmp/tests/tail.txt' ) ; is( undef, tail( $mysync ), 'tail: fake pid in pidfile + tail off => 1' ) ; $mysync->{ tail } = 1 ; is( 1, tail( $mysync ), 'tail: fake pid in pidfile + tail on=> 1' ) ; # put my own pid, won't do tail $pidandlog = "$PROCESS_ID\nW/tmp/tests/tail.txt\n" ; is( $pidandlog, string_to_file( $pidandlog, $mysync->{pidfile} ), 'tail: put my own PID in pidfile' ) ; is( undef, tail( $mysync ), 'tail: my own pid in pidfile => undef' ) ; note( 'Leaving tests_tail()' ) ; return ; -- is( undef, write_pidfile( $mysync ), 'write_pidfile: no permission for /no/no/no.pid, no lock => undef' ) ; $mysync->{pidfilelocking} = 1 ; is( undef, write_pidfile( $mysync ), 'write_pidfile: no permission for /no/no/no.pid + lock => undef' ) ; $mysync->{pidfile} = 'W/tmp/tests/test.pid' ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'write_pidfile: mkpath W/tmp/tests/' ) ; is( 1, touch( $mysync->{pidfile} ), 'write_pidfile: lock prepa' ) ; $mysync->{pidfilelocking} = 0 ; is( 1, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + no lock => 1' ) ; is( $PROCESS_ID, firstline( 'W/tmp/tests/test.pid' ), "write_pidfile: W/tmp/tests/test.pid contains $PROCESS_ID" ) ; is( q{}, secondline( 'W/tmp/tests/test.pid' ), "write_pidfile: W/tmp/tests/test.pid contains no second line" ) ; $mysync->{pidfilelocking} = 1 ; is( undef, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + lock => undef' ) ; $mysync->{pidfilelocking} = 0 ; $mysync->{ logfile } = 'rrrr.txt' ; is( 1, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + no lock + logfile => 1' ) ; is( $PROCESS_ID, firstline( 'W/tmp/tests/test.pid' ), "write_pidfile: + no lock + logfile W/tmp/tests/test.pid contains $PROCESS_ID" ) ; is( q{rrrr.txt}, secondline( 'W/tmp/tests/test.pid' ), "write_pidfile: + no lock + logfile W/tmp/tests/test.pid contains rrrr.txt" ) ; note( 'Leaving tests_write_pidfile()' ) ; return ; } -- sub tests_get_cache { note( 'Entering tests_get_cache()' ) ; ok( not( get_cache('/cache_no_exist') ), 'get_cache: /cache_no_exist' ); ok( ( not -d 'W/tmp/cache/F1/F2' or rmtree( 'W/tmp/cache/F1/F2' ) ), 'get_cache: rmtree W/tmp/cache/F1/F2' ) ; ok( mkpath( 'W/tmp/cache/F1/F2' ), 'get_cache: mkpath W/tmp/cache/F1/F2' ) ; my @test_files_cache = ( qw( W/tmp/cache/F1/F2/100_200 W/tmp/cache/F1/F2/101_201 W/tmp/cache/F1/F2/120_220 W/tmp/cache/F1/F2/142_242 W/tmp/cache/F1/F2/143_243 W/tmp/cache/F1/F2/177_277 W/tmp/cache/F1/F2/177_377 W/tmp/cache/F1/F2/177_777 W/tmp/cache/F1/F2/155_255 ) ) ; ok( touch( @test_files_cache ), 'get_cache: touch W/tmp/cache/F1/F2/...' ) ; # on cache: 100_200 101_201 142_242 143_243 177_277 177_377 177_777 155_255 # on live: my $msgs_1 = [120, 142, 143, 144, 177 ]; -- my $msgs_all_1 = { 120 => 0, 142 => 0, 143 => 0, 144 => 0, 177 => 0 } ; my $msgs_all_2 = { 242 => 0, 243 => 0, 299 => 0, 377 => 0, 777 => 0, 255 => 0 } ; my( $c12, $c21 ) ; ok( ( $c12, $c21 ) = get_cache( 'W/tmp/cache/F1/F2', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2 ), 'get_cache: 02' ); my $a1 = [ sort { $a <=> $b } keys %{ $c12 } ] ; my $a2 = [ sort { $a <=> $b } keys %{ $c21 } ] ; ok( 0 == compare_lists( [ 142, 143, 177 ], $a1 ), 'get_cache: 03' ); ok( 0 == compare_lists( [ 242, 243, 777 ], $a2 ), 'get_cache: 04' ); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 142_242'); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 143_243'); ok( ! -f 'W/tmp/cache/F1/F2/100_200', 'get_cache: file removed 100_200'); ok( ! -f 'W/tmp/cache/F1/F2/101_201', 'get_cache: file removed 101_201'); # test clean_cache executed $maxage = 2 ; ok( touch(@test_files_cache), 'get_cache: touch W/tmp/cache/F1/F2/...' ) ; ok( ( $c12, $c21 ) = get_cache('W/tmp/cache/F1/F2', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2 ), 'get_cache: 02' ); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 142_242'); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 143_243'); ok( ! -f 'W/tmp/cache/F1/F2/100_200', 'get_cache: file NOT removed 100_200'); ok( ! -f 'W/tmp/cache/F1/F2/101_201', 'get_cache: file NOT removed 101_201'); # strange files #$debugcache = 1 ; $maxage = undef ; ok( ( not -d 'W/tmp/cache/rr\uee' or rmtree( 'W/tmp/cache/rr\uee' )), 'get_cache: rmtree W/tmp/cache/rr\uee' ) ; ok( mkpath( 'W/tmp/cache/rr\uee' ), 'get_cache: mkpath W/tmp/cache/rr\uee' ) ; @test_files_cache = ( qw( W/tmp/cache/rr\uee/100_200 W/tmp/cache/rr\uee/101_201 W/tmp/cache/rr\uee/120_220 W/tmp/cache/rr\uee/142_242 W/tmp/cache/rr\uee/143_243 W/tmp/cache/rr\uee/177_277 W/tmp/cache/rr\uee/177_377 W/tmp/cache/rr\uee/177_777 W/tmp/cache/rr\uee/155_255 ) ) ; ok( touch(@test_files_cache), 'get_cache: touch strange W/tmp/cache/...' ) ; # on cache: 100_200 101_201 142_242 143_243 177_277 177_377 177_777 155_255 # on live: $msgs_1 = [120, 142, 143, 144, 177 ] ; $msgs_2 = [ 242, 243, 299, 377, 777, 255 ] ; $msgs_all_1 = { 120 => q{}, 142 => q{}, 143 => q{}, 144 => q{}, 177 => q{} } ; $msgs_all_2 = { 242 => q{}, 243 => q{}, 299 => q{}, 377 => q{}, 777 => q{}, 255 => q{} } ; ok( ( $c12, $c21 ) = get_cache('W/tmp/cache/rr\uee', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2), 'get_cache: strange path 02' ); $a1 = [ sort { $a <=> $b } keys %{ $c12 } ] ; $a2 = [ sort { $a <=> $b } keys %{ $c21 } ] ; ok( 0 == compare_lists( [ 142, 143, 177 ], $a1 ), 'get_cache: strange path 03' ); ok( 0 == compare_lists( [ 242, 243, 777 ], $a2 ), 'get_cache: strange path 04' ); ok( -f 'W/tmp/cache/rr\uee/142_242', 'get_cache: strange path file kept 142_242'); ok( -f 'W/tmp/cache/rr\uee/142_242', 'get_cache: strange path file kept 143_243'); ok( ! -f 'W/tmp/cache/rr\uee/100_200', 'get_cache: strange path file removed 100_200'); ok( ! -f 'W/tmp/cache/rr\uee/101_201', 'get_cache: strange path file removed 101_201'); note( 'Leaving tests_get_cache()' ) ; return ; } -- ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '123_456' ), 'match_a_cache_file: 123_456' ) ; ok( '123' eq $tuid1, 'match_a_cache_file: 123_456 1' ) ; ok( '456' eq $tuid2, 'match_a_cache_file: 123_456 2' ) ; ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '/tmp/truc/123_456' ), 'match_a_cache_file: /tmp/truc/123_456' ) ; ok( '123' eq $tuid1, 'match_a_cache_file: /tmp/truc/123_456 1' ) ; ok( '456' eq $tuid2, 'match_a_cache_file: /tmp/truc/123_456 2' ) ; ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '/lala123_456' ), 'match_a_cache_file: NO /lala123_456' ) ; ok( ! $tuid1, 'match_a_cache_file: /lala123_456 1' ) ; ok( ! $tuid2, 'match_a_cache_file: /lala123_456 2' ) ; -- sub tests_clean_cache { note( 'Entering tests_clean_cache()' ) ; ok( ( not -d 'W/tmp/cache/G1/G2' or rmtree( 'W/tmp/cache/G1/G2' )), 'clean_cache: rmtree W/tmp/cache/G1/G2' ) ; ok( mkpath( 'W/tmp/cache/G1/G2' ), 'clean_cache: mkpath W/tmp/cache/G1/G2' ) ; my @test_files_cache = ( qw( W/tmp/cache/G1/G2/100_200 W/tmp/cache/G1/G2/101_201 W/tmp/cache/G1/G2/120_220 W/tmp/cache/G1/G2/142_242 W/tmp/cache/G1/G2/143_243 W/tmp/cache/G1/G2/177_277 W/tmp/cache/G1/G2/177_377 W/tmp/cache/G1/G2/177_777 W/tmp/cache/G1/G2/155_255 ) ) ; ok( touch(@test_files_cache), 'clean_cache: touch W/tmp/cache/G1/G2/...' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache: 100_200 before' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache: 142_242 before' ); ok( -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache: 177_277 before' ); ok( -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache: 177_377 before' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache: 177_777 before' ); ok( -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache: 155_255 before' ); my $cache = { 142 => 242, 177 => 777, } ; -- 242 => q{}, 777 => q{}, } ; ok( clean_cache( \@test_files_cache, $cache, $all_1, $all_2 ), 'clean_cache: ' ) ; ok( ! -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache: 100_200 after' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache: 142_242 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache: 177_277 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache: 177_377 after' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache: 177_777 after' ); ok( ! -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache: 155_255 after' ); note( 'Leaving tests_clean_cache()' ) ; return ; } sub tests_clean_cache_2 { note( 'Entering tests_clean_cache_2()' ) ; ok( ( not -d 'W/tmp/cache/G1/G2' or rmtree( 'W/tmp/cache/G1/G2' )), 'clean_cache_2: rmtree W/tmp/cache/G1/G2' ) ; ok( mkpath( 'W/tmp/cache/G1/G2' ), 'clean_cache_2: mkpath W/tmp/cache/G1/G2' ) ; my @test_files_cache = ( qw( W/tmp/cache/G1/G2/100_200 W/tmp/cache/G1/G2/101_201 W/tmp/cache/G1/G2/120_220 W/tmp/cache/G1/G2/142_242 W/tmp/cache/G1/G2/143_243 W/tmp/cache/G1/G2/177_277 W/tmp/cache/G1/G2/177_377 W/tmp/cache/G1/G2/177_777 W/tmp/cache/G1/G2/155_255 ) ) ; ok( touch(@test_files_cache), 'clean_cache_2: touch W/tmp/cache/G1/G2/...' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache_2: 100_200 before' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache_2: 142_242 before' ); ok( -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache_2: 177_277 before' ); ok( -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache_2: 177_377 before' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache_2: 177_777 before' ); ok( -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache_2: 155_255 before' ); my $cache = { 142 => 242, 177 => 777, } ; -- ok( clean_cache( \@test_files_cache, $cache, $all_1, $all_2 ), 'clean_cache_2: ' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache_2: 100_200 after' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache_2: 142_242 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache_2: 177_277 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache_2: 177_377 after' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache_2: 177_777 after' ); ok( ! -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache_2: 155_255 after' ); note( 'Leaving tests_clean_cache_2()' ) ; return ; } -- sub tests_mkpath { note( 'Entering tests_mkpath()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' )), 'mkpath: mkpath W/tmp/tests/' ) ; SKIP: { skip( 'Tests only for Unix', 10 ) if ( 'MSWin32' eq $OSNAME ) ; my $long_path_unix = '123456789/' x 30 ; ok( ( -d "W/tmp/tests/long/$long_path_unix" or mkpath( "W/tmp/tests/long/$long_path_unix" ) ), 'mkpath: mkpath 300 char' ) ; ok( -d "W/tmp/tests/long/$long_path_unix", 'mkpath: mkpath > 300 char verified' ) ; ok( ( -d "W/tmp/tests/long/$long_path_unix" and rmtree( 'W/tmp/tests/long/' ) ), 'mkpath: rmtree 300 char' ) ; ok( ! -d "W/tmp/tests/long/$long_path_unix", 'mkpath: rmtree 300 char verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' or mkpath( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: mkpath trailing_dots...' ) ; ok( -d 'W/tmp/tests/trailing_dots...', 'mkpath: mkpath trailing_dots... verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' and rmtree( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: rmtree trailing_dots...' ) ; ok( ! -d 'W/tmp/tests/trailing_dots...', 'mkpath: rmtree trailing_dots... verified' ) ; eval { ok( 1 / 0, 'mkpath: divide by 0' ) ; } or ok( 1, 'mkpath: can not divide by 0' ) ; ok( 1, 'mkpath: still alive' ) ; } ; -- eval { ok( ( -d $long_path_300 or mkpath( $long_path_300 ) ), 'mkpath: create a path with 300 characters' ) ; } or ok( 1, 'mkpath: can not create a path with 300 characters' ) ; ok( ( ( ! -d $long_path_300 ) or -d $long_path_300 and rmtree( $long_path_300 ) ), 'mkpath: rmtree the 300 character path' ) ; ok( 1, 'mkpath: still alive' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' or mkpath( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: mkpath trailing_dots...' ) ; ok( -d 'W/tmp/tests/trailing_dots...', 'mkpath: mkpath trailing_dots... verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' and rmtree( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: rmtree trailing_dots...' ) ; ok( ! -d 'W/tmp/tests/trailing_dots...', 'mkpath: rmtree trailing_dots... verified' ) ; } ; note( 'Leaving tests_mkpath()' ) ; -- sub tests_touch { note( 'Entering tests_touch()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' )), 'touch: mkpath W/tmp/tests/' ) ; ok( 1 == touch( 'W/tmp/tests/lala'), 'touch: W/tmp/tests/lala') ; ok( 1 == touch( 'W/tmp/tests/\y'), 'touch: W/tmp/tests/\y') ; ok( 0 == touch( '/no/no/no/aaa'), 'touch: not /aaa') ; ok( 1 == touch( 'W/tmp/tests/lili', 'W/tmp/tests/lolo'), 'touch: 2 files') ; ok( 0 == touch( 'W/tmp/tests/\y', '/no/no/aaa'), 'touch: 2 files, 1 fails' ) ; note( 'Leaving tests_touch()' ) ; return ; } -- sub tests_firstline { note( 'Entering tests_firstline()' ) ; is( q{}, firstline( 'W/tmp/tests/noexist.txt' ), 'firstline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'firstline: mkpath W/tmp/tests/' ) ; is( "blabla\n" , string_to_file( "blabla\n", 'W/tmp/tests/firstline.txt' ), 'firstline: put blabla in W/tmp/tests/firstline.txt' ) ; is( 'blabla' , firstline( 'W/tmp/tests/firstline.txt' ), 'firstline: get blabla from W/tmp/tests/firstline.txt' ) ; is( q{} , string_to_file( q{}, 'W/tmp/tests/firstline2.txt' ), 'firstline: put empty string in W/tmp/tests/firstline2.txt' ) ; is( q{} , firstline( 'W/tmp/tests/firstline2.txt' ), 'firstline: get empty string from W/tmp/tests/firstline2.txt' ) ; is( "\n" , string_to_file( "\n", 'W/tmp/tests/firstline3.txt' ), 'firstline: put CR in W/tmp/tests/firstline3.txt' ) ; is( q{} , firstline( 'W/tmp/tests/firstline3.txt' ), 'firstline: get empty string from W/tmp/tests/firstline3.txt' ) ; is( "blabla\nTiti\n" , string_to_file( "blabla\nTiti\n", 'W/tmp/tests/firstline4.txt' ), 'firstline: put blabla\nTiti\n in W/tmp/tests/firstline4.txt' ) ; is( 'blabla' , firstline( 'W/tmp/tests/firstline4.txt' ), 'firstline: get blabla from W/tmp/tests/firstline4.txt' ) ; note( 'Leaving tests_firstline()' ) ; return ; } -- sub tests_secondline { note( 'Entering tests_secondline()' ) ; is( q{}, secondline( 'W/tmp/tests/noexist.txt' ), 'secondline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; is( q{}, secondline( 'W/tmp/tests/noexist.txt', 2 ), 'secondline: 2nd getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'secondline: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/secondline.txt' ), 'secondline: put L1\nL2\nL3\nL4\n in W/tmp/tests/secondline.txt' ) ; is( 'L2' , secondline( 'W/tmp/tests/secondline.txt' ), 'secondline: get L2 from W/tmp/tests/secondline.txt' ) ; note( 'Leaving tests_secondline()' ) ; return ; } -- sub tests_nthline { note( 'Entering tests_nthline()' ) ; is( q{}, nthline( 'W/tmp/tests/noexist.txt' ), 'nthline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; is( q{}, nthline( 'W/tmp/tests/noexist.txt', 2 ), 'nthline: 2nd getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'nthline: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/nthline.txt' ), 'nthline: put L1\nL2\nL3\nL4\n in W/tmp/tests/nthline.txt' ) ; is( 'L3' , nthline( 'W/tmp/tests/nthline.txt', 3 ), 'nthline: get L3 from W/tmp/tests/nthline.txt' ) ; note( 'Leaving tests_nthline()' ) ; return ; } -- is( undef, file_to_array( ), 'file_to_array: no args => undef' ) ; is( undef, file_to_array( '/noexist' ), 'file_to_array: /noexist => undef' ) ; is( undef, file_to_array( '/' ), 'file_to_array: reading a directory => undef' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'file_to_array: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/file_to_array.txt' ), 'file_to_array: put L1\nL2\nL3\nL4\n in W/tmp/tests/file_to_array.txt' ) ; is_deeply( [ "L1\n", "L2\n", "L3\n", "L4\n" ] , [ file_to_array( 'W/tmp/tests/file_to_array.txt' ) ], 'file_to_array: get back L1\n L2\n L3\n L4\n from W/tmp/tests/file_to_array.txt' ) ; note( 'Leaving tests_file_to_array()' ) ; return ; } -- is( undef, file_to_string( ), 'file_to_string: no args => undef' ) ; is( undef, file_to_string( '/noexist' ), 'file_to_string: /noexist => undef' ) ; is( undef, file_to_string( '/' ), 'file_to_string: reading a directory => undef' ) ; ok( file_to_string( $PROGRAM_NAME ), 'file_to_string: reading myself' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'file_to_string: mkpath W/tmp/tests/' ) ; is( 'lilili', string_to_file( 'lilili', 'W/tmp/tests/canbewritten' ), 'file_to_string: string_to_file filling W/tmp/tests/canbewritten with lilili' ) ; is( 'lilili', file_to_string( 'W/tmp/tests/canbewritten' ), 'file_to_string: reading W/tmp/tests/canbewritten is lilili' ) ; is( q{}, string_to_file( q{}, 'W/tmp/tests/empty' ), 'file_to_string: string_to_file filling W/tmp/tests/empty with empty string' ) ; is( q{}, file_to_string( 'W/tmp/tests/empty' ), 'file_to_string: reading W/tmp/tests/empty is empty' ) ; note( 'Leaving tests_file_to_string()' ) ; return ; } -- note( 'Entering tests_string_to_file()' ) ; is( undef, string_to_file( ), 'string_to_file: no args => undef' ) ; is( undef, string_to_file( 'lalala' ), 'string_to_file: one arg => undef' ) ; is( undef, string_to_file( 'lalala', '.' ), 'string_to_file: writing a directory => undef' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'string_to_file: mkpath W/tmp/tests/' ) ; is( 'lalala', string_to_file( 'lalala', 'W/tmp/tests/canbewritten' ), 'string_to_file: W/tmp/tests/canbewritten with lalala' ) ; is( q{}, string_to_file( q{}, 'W/tmp/tests/empty' ), 'string_to_file: W/tmp/tests/empty with empty string' ) ; SKIP: { Readonly my $NB_UNX_tests_string_to_file => 1 ; skip( 'Not on Unix non-root', $NB_UNX_tests_string_to_file ) if ('MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) ; is( undef, string_to_file( 'lalala', '/cantouch' ), 'string_to_file: /cantouch denied => undef' ) ; -- return backtick( $command ) ; } sub search_dyn_lib_locale_linux { my $command = qq{ lsof -p $PROCESS_ID | grep ' REG ' | grep -v '/tmp/par-' | grep '\.so' } ; myprint( "Search non embeded dynamic libs with the command: $command\n" ) ; return backtick( $command ) ; } sub search_dyn_lib_locale_MSWin32 -- sub tests_logfileprepa { note( 'Entering tests_logfileprepa()' ) ; is( undef, logfileprepa( ), 'logfileprepa: no args => undef' ) ; my $logfile = 'W/tmp/tests/tests_logfileprepa.txt' ; is( 1, logfileprepa( $logfile ), 'logfileprepa: W/tmp/tests/tests_logfileprepa.txt => 1' ) ; note( 'Leaving tests_logfileprepa()' ) ; return ; } -- my $mysync = {} ; is( undef, teelaunch( $mysync ), 'teelaunch: arg empty {} => undef' ) ; is( undef, teelaunch( $mysync, '' ), 'teelaunch: empty string => undef' ) ; # First time, learning IO::Tee intrasics my $tee = teelaunch( $mysync, 'W/tmp/tests/tests_teelaunch.txt' ) ; isa_ok( $tee, 'IO::Tee', 'teelaunch: logfile W/tmp/tests/tests_teelaunch.txt' ) ; is( 1, print( $tee "Hi!\n" ), 'teelaunch: write Hi!') ; is( "Hi!\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is Hi!\n' ) ; is( 1, print( $tee "Hoo\n" ), 'teelaunch: write Hoo') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is Hi!\nHoo\n' ) ; # closing file handle so tee won't be happy ($tee->handles)[0]->close ; is( undef, print( $tee "Argh1\n" ), 'teelaunch: write Argh1') ; is( undef, print( $tee "Argh2\n" ), 'teelaunch: write Argh2') ; # write not done is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is still Hi!\nHoo\n' ) ; print join( ' ', $tee->handles ), "\n"; is( 2, scalar $tee->handles, 'teelaunch: 2 handles') ; shift @{*{$tee}}; print join(' ', $tee->handles), "\n" ; is( 1, scalar $tee->handles, 'teelaunch: 1 handle') ; -- # will not print anything now is( 0, scalar $tee->handles, 'teelaunch: 0 handle') ; is( 1, print( $tee "Argh 4\n" ), 'teelaunch: write Argh4 no') ; # Second time, lesson learnt IO::Tee $tee = teelaunch( $mysync, 'W/tmp/tests/tests_teelaunch2.txt' ) ; isa_ok( $tee, 'IO::Tee' , 'teelaunch: W/tmp/tests/tests_teelaunch2.txt' ) ; is( 1, print( $tee "Hi!\n" ), 'teelaunch: write Hi!') ; is( "Hi!\n", file_to_string( 'W/tmp/tests/tests_teelaunch2.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch2.txt is Hi!\n' ) ; is( 1, print( $tee "Hoo\n" ), 'teelaunch: write Hoo') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch2.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch2.txt is Hi!\nHoo\n' ) ; is( 1, teefinish( $tee ), 'teefinish: return 1') ; is( 1, print( $tee "Argh1\n" ), 'teelaunch: write Argh1') ; is( 1, print( $tee "Argh2\n" ), 'teelaunch: write Argh2') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch2.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch2.txt is still Hi!\nHoo\n' ) ; is( 1, teefinish( $tee ), 'teefinish: still return 1') ; note( 'Leaving tests_teelaunch()' ) ; return ; } -- my $mysync = { } ; is( undef, get_options_extra( $mysync ), 'get_options_extra: undef => undef' ) ; my $cwd_save = getcwd( ) ; ok( (-d 'W/tmp/tests/options_extra/' or mkpath( 'W/tmp/tests/options_extra/' )), 'get_options_extra: mkpath W/tmp/tests/options_extra/' ) ; chdir 'W/tmp/tests/options_extra/' ; is( '--debugimap1', string_to_file( '--debugimap1', 'options_extra.txt' ), 'get_options_extra: string_to_file filling options_extra.txt with --debugimap1' ) ; is( '--debugimap1', file_to_string( 'options_extra.txt' ), 'get_options_extra: reading options_extra.txt is --debugimap1' ) ; -- if ( ! $mysync->{ testsdebug } ) { skip 'No test in normal run' ; } note( 'Entering testsdebug()' ) ; #ok( ( ( not -d 'W/tmp/tests' ) or rmtree( 'W/tmp/tests/' ) ), 'testsdebug: rmtree W/tmp/tests' ) ; #tests_check_binary_embed_all_dyn_libs( ) ; #tests_killpid_by_parent( ) ; #tests_killpid_by_brother( ) ; #tests_kill_zero( ) ; #tests_connect_socket( ) ;; fail impose+-0.2-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/impose: $ grep /tmp/ /usr/bin/impose $ybot=30 unless $ybot; $pages=6 unless defined $pages; $rotdir="L" unless $rotdir; $filename = shift or do { $filename = "/tmp/$ENV{USER}-tmp.ps"; open(TMP, ">$filename"); while(<>) { print TMP; } close(TMP); $do_stdout++; $do_erase_tmp++; $_=; @oddbbox=split; $_=; @evenbbox=split; @oddbbox = @evenbbox unless @evenbbox; close(BB); } elsif ($lastbbox && -e "/tmp/bboxx-$ENV{USER}") { open(BB,"/tmp/bboxx-$ENV{USER}"); $_=; @oddbbox=split; $_=; @evenbbox=split; close(BB); # print "oddbbox = @oddbbox\n"; # print "evenbbox = @evenbbox\n"; -- } @evenbbox = @oddbbox if $noevenodd; # record the bboxx information open(BB, ">/tmp/bboxx-$ENV{USER}"); print BB "@oddbbox\n@evenbbox\n"; close(BB); # Do page calculations $oddwidth = $oddbbox[2]-$oddbbox[0];; fail installer-distro-altlinux-server-stage2-7.0.2-alt3.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/05-vm-profile: $ grep /tmp/ /usr/share/install2/initinstall.d/05-vm-profile #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } mem="$(sed '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB finded_disks_size="$(find /sys/block/{hd,sd,vd,nvme,mmc}*/size 2> /dev/null)" [ "$finded_disks_size" ] &&; fail installer-distro-centaurus-stage2-10.2-alt3.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/preinstall.d/35-enable-systemd-networkd.sh: $ grep /tmp/ /usr/share/install2/preinstall.d/35-enable-systemd-networkd.sh shell_config_set $i/options NM_CONTROLLED no shell_config_set $i/options SYSTEMD_CONTROLLED yes shell_config_set $i/options DISABLED yes done } >> /tmp/install2.log 2>&1 : Found error in /usr/share/install2/postinstall.d/66-setup-net-services.sh: $ grep /tmp/ /usr/share/install2/postinstall.d/66-setup-net-services.sh [ "$NM_CONTROLLED" ] && chroot $destdir systemctl disable NetworkManager.service [ "$SYSTEMD_CONTROLLED" ] && chroot $destdir systemctl disable systemd-networkd.service } >> /tmp/install2.log 2>&1 :; fail installer-scripts-remount-stage2-0.6.4-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/install2-remount-functions: $ grep /tmp/ /usr/sbin/install2-remount-functions start_lvm && start_luks && mount_chroot && systemd_tmpfiles_chroot && set_active \ ) >& /tmp/remount.log || return $? } remount_destination() { # remount destdir after alterator-vm # no mount chroot filesystem (/dev, /proc, /sys) start_mdraid && start_lvm && start_luks && mount_destination && set_active \ ) >& /tmp/remount.log || return $? } # avoid automatic rpm shell.req dependency MULTIPATHD=/sbin/multipathd MDADM=/sbin/mdadm LVM=/sbin/lvm CRYPTSETUP=/sbin/cryptsetup CRYPTSETUP_KEY=/tmp/empty PUTFILE=/usr/share/make-initrd/tools/put-file BLKID="blkid -c /dev/null" # alterator-vm should leave LUKS containers # with initial empty password, see #28200 -- # for installer-feature-desktop-other-fs, see also #29005 save_blkid_state() { find /dev/mapper -type l \ | xargs -r $BLKID \ > /tmp/blkid.dm } populate_fstab() { [ ! -f /tmp/fstab ] || cat /tmp/fstab >> "$destdir/etc/fstab" } copy_chroot_binaries() { useputfile= if [ -x "$destdir$PUTFILE" ]; then useputfile='yes' binddir="$(mktemp -d "$destdir/tmp/copy_chroot_binaries.XXXXXXXXX")" workdir="${binddir#$destdir}" mount --bind / "$binddir" else echo "remount: file does not exist or is not available for execution: $destdir$PUTFILE" >&2 fi -- } stop_mdraid() { # saving state is only important *after* evms if [ -f /proc/mdstat -a -x "$MDADM" ]; then "$MDADM" --examine --scan > /tmp/mdadm.conf "$MDADM" -v --stop --scan fi } start_mdraid() { if [ -s /tmp/mdadm.conf -a -x "$MDADM" ]; then # an arbitrary value of the year: packages installed already sysctl -w dev.raid.speed_limit_max=1000000 # chroot's mdadm.conf populated by 45-mdadm.sh "$MDADM" -v --assemble --run --scan --config=/tmp/mdadm.conf ||: fi } start_multipath() { if [ -x "$MULTIPATHD" ]; then -- done fi } mount_destfs() { # depends on /tmp/fstab just like 10-fstab.sh local mpoint="$1" mountpoint -q "$destdir""$mpoint" && return 0 local destfs="$(awk -v mpoint="$mpoint" '{ if ($2==mpoint) print $1 }' < /tmp/fstab)" case "$destfs" in UUID=*) destfs="`$BLKID -U ${destfs#UUID=}`" ;; LABEL=*) -- echo "by ${UUID:+UUID=$UUID}${LABEL:+LABEL=$LABEL}" time $BLKID return 3 fi >&2 mountopts="$(grep "[[:space:]]$mpoint[[:space:]]" /tmp/fstab | awk '{ print $4 }')" mount -v "$destfs" "$destdir$mpoint" -o "$mountopts" || return 3 } mount_chroot() { -- ! mountpoint "$destdir" || return 1 } # mount destdir without make chroot, after umount_destination mount_destination() { [ -s /tmp/fstab ] || return 4 for mpoint in $(awk '{ print $2 }' < /tmp/fstab | grep / | sort); do mount_destfs $mpoint || return $? done } systemd_tmpfiles_chroot() {; fail kselftests-6.11-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/kselftests/net/mptcp/mptcp_join.sh: $ grep /tmp/ /usr/lib/kselftests/net/mptcp/mptcp_join.sh cappid=$! sleep 1 fi NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \ nstat NSTAT_HISTORY=/tmp/${connector_ns}.nstat ip netns exec ${connector_ns} \ nstat local extra_args if [ $speed = "fast" ]; then extra_args="-j" if $capture; then sleep 1 kill $cappid fi NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \ nstat | grep Tcp > /tmp/${listener_ns}.out NSTAT_HISTORY=/tmp/${connector_ns}.nstat ip netns exec ${connector_ns} \ nstat | grep Tcp > /tmp/${connector_ns}.out if [ ${rets} -ne 0 ] || [ ${retc} -ne 0 ]; then fail_test "client exit code $retc, server $rets" echo -e "\nnetns ${listener_ns} socket stat for ${port}:" 1>&2 ip netns exec ${listener_ns} ss -Menita 1>&2 -o "sport = :$port" cat /tmp/${listener_ns}.out echo -e "\nnetns ${connector_ns} socket stat for ${port}:" 1>&2 ip netns exec ${connector_ns} ss -Menita 1>&2 -o "dport = :$port" cat /tmp/${connector_ns}.out cat "$capout" return 1 fi Found error in /usr/lib/kselftests/net/mptcp/mptcp_connect.sh: $ grep -A5 -B5 /tmp/ /usr/lib/kselftests/net/mptcp/mptcp_connect.sh local cappid_connector=$! sleep 1 fi NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \ nstat -n if [ ${listener_ns} != ${connector_ns} ]; then NSTAT_HISTORY=/tmp/${connector_ns}.nstat ip netns exec ${connector_ns} \ nstat -n fi local stat_synrx_last_l local stat_ackrx_last_l -- sleep 1 kill ${cappid_listener} kill ${cappid_connector} fi NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \ nstat | grep Tcp > /tmp/${listener_ns}.out if [ ${listener_ns} != ${connector_ns} ]; then NSTAT_HISTORY=/tmp/${connector_ns}.nstat ip netns exec ${connector_ns} \ nstat | grep Tcp > /tmp/${connector_ns}.out fi local duration duration=$((stop-start)) result_msg+=" # time=${duration}ms" printf "(duration %05sms) " "${duration}" if [ ${rets} -ne 0 ] || [ ${retc} -ne 0 ]; then mptcp_lib_pr_fail "client exit code $retc, server $rets" echo -e "\nnetns ${listener_ns} socket stat for ${port}:" 1>&2 ip netns exec ${listener_ns} ss -Menita 1>&2 -o "sport = :$port" cat /tmp/${listener_ns}.out echo -e "\nnetns ${connector_ns} socket stat for ${port}:" 1>&2 ip netns exec ${connector_ns} ss -Menita 1>&2 -o "dport = :$port" [ ${listener_ns} != ${connector_ns} ] && cat /tmp/${connector_ns}.out echo cat "$capout" mptcp_lib_result_fail "${TEST_GROUP}: ${result_msg}" return 1 Found error in /usr/lib/kselftests/intel_pstate/run.sh: $ grep -A5 -B5 /tmp/ /usr/lib/kselftests/intel_pstate/run.sh # and the value of MSR 0x199 (MSR_IA32_PERF_CTL) which indicates what # pstate the cpu is in, and the value of # /sys/devices/system/cpu/intel_pstate/max_perf_pct X maximum turbo state # # Notes: In some cases several frequency values may be placed in the # /tmp/result.X files. This is done on purpose in order to catch cases # where the pstate driver may not be working at all. There is the case # where, for example, several "similar" frequencies are in the file: # # #/tmp/result.3100:1:cpu MHz : 2899.980 #/tmp/result.3100:2:cpu MHz : 2900.000 #/tmp/result.3100:3:msr 0x199: 0x1e00 #/tmp/result.3100:4:max_perf_pct 94 # # and the test will error out in those cases. The result.X file can be checked # for consistency and modified to remove the extra MHz values. The result.X # files can be re-evaluated by setting EVALUATE_ONLY to 1 below. -- ./aperf $cpu & done echo "sleeping for 5 seconds" sleep 5 grep MHz /proc/cpuinfo | sort -u > /tmp/result.freqs num_freqs=$(wc -l /tmp/result.freqs | awk ' { print $1 } ') if [ $num_freqs -ge 2 ]; then tail -n 1 /tmp/result.freqs > /tmp/result.$1 else cp /tmp/result.freqs /tmp/result.$1 fi ./msr 0 >> /tmp/result.$1 max_perf_pct=$(cat /sys/devices/system/cpu/intel_pstate/max_perf_pct) echo "max_perf_pct $max_perf_pct" >> /tmp/result.$1 for job in `jobs -p` do echo "waiting for job id $job" wait $job -- echo "The marketing frequency of the cpu is $mkt_freq MHz" echo "The maximum frequency of the cpu is $max_freq MHz" echo "The minimum frequency of the cpu is $min_freq MHz" # make a pretty table echo "Target Actual Difference MSR(0x199) max_perf_pct" | tr " " "\n" > /tmp/result.tab for freq in `seq $max_freq -100 $min_freq` do result_freq=$(cat /tmp/result.${freq} | grep "cpu MHz" | awk ' { print $4 } ' | awk -F "." ' { print $1 } ') msr=$(cat /tmp/result.${freq} | grep "msr" | awk ' { print $3 } ') max_perf_pct=$(cat /tmp/result.${freq} | grep "max_perf_pct" | awk ' { print $2 } ' ) cat >> /tmp/result.tab << EOF $freq $result_freq $((result_freq - freq)) $msr $((max_perf_pct usr max_freq)) EOF done # print the table pr -aTt -5 < /tmp/result.tab exit 0; fail linuxcnc-2.9.3-alt3.20240830.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl: $ grep /tmp/ /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl #future: puts check:<$msg> #future: } #future: test ans here # hack follows: catch {set ans1 [eval exec $::ttt(exe) 2>/tmp/ttt.q]} catch {set ans2 [eval exec grep subdiv /tmp/ttt.q]} catch {file delete /tmp/ttt.q} if {[info exists ans2] && $ans2 == 1} { set ::ttt(msg) "::ttt::embedinit [_ "found truetype-tracer v4 return 1 } else { puts stderr "::ttt::embedinit:[_ "Note truetype-tracer v4 is required"]"; fail lua5.1-module-luasocket-3.0rc1-alt5_lr2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks-5.1/luasocket/3.0rc1-2/test/cgi/cat: $ grep /tmp/ /usr/lib/luarocks/rocks-5.1/luasocket/3.0rc1-2/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp; fail lz11-V2-1.2-alt1.qa2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/lz11.stopjobs: $ grep /tmp/ /usr/bin/lz11.stopjobs if [ "${pids}" ] ; then exit 0 fi echo "${pids}" > /tmp/lz11.terminate waitcounts=30 echo echo echo "removing all active printer jobs for " echo " etc usr with PIDS ${pids}" if [ ${nonefound} == 1 ] ; then i=${waitcounts} echo -n " STOPPED!" fi done rm -f /tmp/lz11.terminate echo if [ ${nonefound} = 0 ] ; then echo "The program could not stop the prints safely." echo "Just killing the print processes now!" echo Found error in /usr/bin/lz11.foomatic: $ grep -A5 -B5 /tmp/ /usr/bin/lz11.foomatic $debug = 1; local *ERR; if ($debug) { open(ERR,">>/tmp/lz11err"); print ERR "-----------\n"; print ERR "@ARGV\n"; } else { open(ERR, ">&STDERR"); } -- # ---------------------------------------------------------- # cZ11 command line # ---------------------------------------------------------- $cz11 = "cZ11-V2 $devicez11 $sizez11 $adjustz11"; if ( $cancel == 1 ) { $cz11 = "$cz11"." --terminate=/tmp/lz11.terminate"; } elsif ( $cancel ) { $cz11 = "$cz11"." --terminate-eject=/tmp/lz11.terminate"; } $cz11 = "$cz11"." 2>>/tmp/lz11err"; # ---------------------------------------------------------- # Do it! # ---------------------------------------------------------- $invokation = "$gs -q -dBATCH -dSAFER -dNOPAUSE $devicegs $ditherppi $resgs $sizegs -sOutputFile=- - | $cz11"; if ($debug) { print ERR "$invokation \n"; } system("$invokation"); system("chmod a+rw /tmp/lz11*"); close(ERR);; fail m2300w-0.51-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/m2300w-wrapper: $ grep /tmp/ /usr/bin/m2300w-wrapper # is heavy based on the Script from Rick's 'foo2zjs-wrapper' for the # Minolta Magiccolor 2300DL. # So i will leave his copyright on it. #********************************************************************* cat >> /tmp/m2300w.log <> /tmp/m2300w.log <>/tmp/m2300w.log) 3>&1 | tee /tmp/m2300w_gsout.pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee /tmp/m2300w.prn EOF $PREFILTER | ($GS $gsPaperCode $RES $GSDEV $GSOPT \ -sOutputFile="|cat 1>&3" $RENDERFILES - >>/tmp/m2300w.log) 3>&1 | tee_pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee_prn; fail make-initrd-colaboot-0.5-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot: $ grep /tmp/ /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot REPLACEMENT=$(echo $ROOT |sed 's|(.*)/.*|\1|') elif echo $MACRO_NAME |grep "^DHCP_"; then # for this macro type we need to make sure first that network is up [ "$NETWORK_IS_UP" ] && network_init >&2 DHCP_OPT_NAME=$(echo $MACRO_NAME |sed 's/^DHCP_//') REPLACEMENT=$(get_mnf_param $DHCP_OPT_NAME /tmp/lease-info |sed "s/'//g") fi STR=$(echo $STR |sed "s|{.*}|$REPLACEMENT|") fi echo $STR } done } network_init() { if [ -s /tmp/lease-info ]; then # It seems network is already up NETWORK_IS_UP=1 return fi -- fi sleep .1 done if ip -o -4 addr list |grep -Fqv "inet 127.0.0.1"; then verbose "Save lease info into /tmp/lease-info" for lease in /var/lib/dhcpcd/*.lease; do iface=$(basename $lease |sed -e 's/dhcpcd-//' -e 's/\.lease$//') dhcpcd -4 -U $iface > /tmp/lease-info done NETWORK_IS_UP=1 else error "No assigned IP found. Network problem?" fi -- FORCE_CACHE_IMAGES=${clb_force_cache_images:-1} WAIT_DELAY=${ROOTDELAY:-180} verbose "CoLaBoot: root url=${ROOT}, clb_fs_size=${clb_fs_size}, clb_force_cache_images=${FORCE_CACHE_IMAGES}" RDISK=/tmp/clb-ramdisk CACHED_IMAGES=$RDISK/cached-images IMAGES_MPOINTS=$RDISK/mount-points IMG_FS_PATH=/tmp/images-fs # this location can be overrided for local HDD, NFS or iSCSI RW_LAYER_PATH=$IMAGES_MPOINTS mkdir -p $RDISK -- for MPOINT in $IMG_FS_PATH/*; do grep -q " $MPOINT " /proc/mounts && umount -l $MPOINT done [ -n "$NETWORK_IS_UP" -o -s /tmp/lease-info ] && network_down } # =========< start here >============= prepare; fail ndiswrapper-1.61-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/ndiswrapper-buginfo: $ grep /tmp/ /usr/sbin/ndiswrapper-buginfo # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA LOGFILE=`mktemp /tmp/ndiswrapper.XXXXXX` KVERS=`uname log() { echo "$*" 2>&1 >> $LOGFILE log "kernel config missing" fi fi fi gzip -c $LOGFILE > /tmp/ndiswrapper-buginfo.gz echo "please attach /tmp/ndiswrapper-buginfo.gz to your bugreport!" \rm -f $LOGFILE; fail net-snmp-common-5.9.4-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/net-snmp-common-5.9.4/passtest: $ grep /tmp/ /usr/share/doc/net-snmp-common-5.9.4/passtest # Process SET requests by simply logging the assigned value # Note that such "assignments" are not persistent, # nor is the syntax or requested value validated # if [ "$1" = "-s" ]; then echo $* >> /tmp/passtest.log exit 0 fi # # GETNEXT requests - determine next valid instance; fail netdata-1.43.2-alt3.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/netdata/plugins.d/health-cmdapi-test.sh: $ grep /tmp/ /usr/lib/netdata/plugins.d/health-cmdapi-test.sh d['alarms']['system.cpu.10min_cpu_iowait']['silenced'], \ d['alarms']['system.load.load_trigger']['disabled'], \ d['alarms']['system.load.load_trigger']['silenced'], \ );" 2>&1) if [ $? 0 ] ; then echo " ${RED}ERROR: Unexpected response stored in /tmp/resp-$number.json" echo "$resp" > /tmp/resp-$number.json err=$((err+1)) iter=0 elif [ "${r}" != "${2}" ] ; then echo " ${GRAY}WARNING: 'Got ${r}'. Expected '${2}'" iter=$((iter+1)); fail newsboat-2.31-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/newsboat/contrib/getpocket.com/create-pocket-user-token.sh: $ grep /tmp/ /usr/share/doc/newsboat/contrib/getpocket.com/create-pocket-user-token.sh # shamelessy copy this from contrib/bookmark-pinboard TMP_TOKEN=`echo $output | sed 's/^.*\"code\":"\([^"]*\)".*$/\1/'` # redirect user to pocket authentication page AUTH_URL="https://getpocket.com/auth/authorize?request_token=$TMP_TOKEN&redirect_uri=https://github.com/newsboat/newsboat/blob/c8c92a17fa0862fb7a648e88723eb48cb9cb582c/contrib/getpocket.com/after_authentication.md" echo $TMP_TOKEN> /tmp/pocket_token echo "please navigate to $AUTH_URL, active the access. Then press enter" xdg-open $AUTH_URL read dontcare output=`wget "consumer_key=$APPLICATION_CONSUMER_KEY&code=$TMP_TOKEN" https://getpocket.com/v3/oauth/authorize - 2>/dev/null` echo $output > /tmp/input output=`echo $output | sed 's/^.*access_token=\([^&"]*\).*$/\1/'` echo $output > ~/.pocket_access_token; fail ocsinventory-agent-2.10.2-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/ocsinventory-agent: $ grep /tmp/ /usr/bin/ocsinventory-agent =item B<--stdout> Print the inventory on stdout. % ocsinventory-agent > /tmp/report.xml # prepare an inventory and write it in the /tmp/report.xml file. # A file will be created. =item B<--scan-homedirs> Authorized OCS to scan home directories to increase the Virtual Machine inventory.; fail opennebula-server-6.6.1.1-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/one.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/one.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/az.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/az.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE }; fail otl-0.54-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/otl: $ grep /tmp/ /usr/bin/otl #### # # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # write it to temp file open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); $lineslength=@linesout; if ($debug) Found error in /usr/bin/otlsub: $ grep -A5 -B5 /tmp/ /usr/bin/otlsub ################################### # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # -- write it to temp file unlink("/tmp/tmp.otl"); open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); # # $llength is length of linesout; fail perl-Tapper-Cmd-5.0.12-alt1_1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh: $ grep /tmp/ /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh start-tapper-daemon () { DAEMON=$1 if ps auxwww | grep grep | grep $DAEMON ; then kill $(ps auxwww | grep grep | grep $DAEMON | awk '{print $2}') fi $DAEMON > /tmp/$DAEMON-helloworld.log 2>&1 & } start-tapper-daemon tapper_reports_web_server.pl start-tapper-daemon tapper-reports-receiver start-tapper-daemon tapper-reports-api; fail phoronix-test-suite-10.8.4-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww3-1.0.0/pre.sh: $ grep /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww3-1.0.0/pre.sh #!/bin/bash set xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Total War WARHAMMER III" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tww3-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Total War WARHAMMER II" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tww2-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Thrones of Britannia" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tob-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}"; fail pptpd-1.4.0-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/pptpd-1.4.0/tools/vpnuser: $ grep /tmp/ /usr/share/doc/pptpd-1.4.0/tools/vpnuser exit 1 fi ;; del) if [ "$(echo $2)" != "" ]; then grep "$2" $config > /tmp/vpnblaat mv /tmp/vpnblaat $config chmod 600 $config else echo $ERROR exit 1 fi cat $config fi ;; domain) if [ "$(echo $2)" != "" ] & [ "$(echo $3)" != "" ]; then grep -vw "$2" $config > /tmp/vpnblaat DATA=`grep -w "$2" $config` mv /tmp/vpnblaat $config DOM=`echo $3 | tr a-z A-Z` dom=`echo $3 | tr A-Z a-z` echo "$DOM\\\\$DATA" >> $config echo "$dom\\\\$DATA" >> $config chmod 600 $config; fail resource-agents-4.15.1-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha: $ grep /tmp/ /usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha The debug flag for agent (${OCF_RESKEY_binary}) instance. In the /tmp/ directory will be created rmq-* files for log some operations and ENV values inside OCF-script. AMQP server (${OCF_RESKEY_binary}) debug flag local rc=$OCF_ERR_GENERIC local LH="${LL} monitor:" ocf_log debug "${LH} action start." if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-monitor.log env >> /tmp/rmq-monitor.log echo "$d [monitor] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi get_monitor rc=$? ocf_log debug "${LH} role: ${OCF_RESKEY_CRM_meta_role}" ocf_log debug "${LH} result: $rc" -- local LH="${LL} start:" local nowtime if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-start.log env >> /tmp/rmq-start.log echo "$d [start] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_status -- local rc=$OCF_ERR_GENERIC local LH="${LL} stop:" if ocf_is_true "${OCF_RESKEY_debug}"; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-stop.log env >> /tmp/rmq-stop.log echo "$d [stop] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." ocf_log info "${LH} Deleting master attribute" -- local LH="${LL} notify:" local nodelist if ocf_is_true "${OCF_RESKEY_debug}"; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-notify.log env >> /tmp/rmq-notify.log echo "$d [notify] ${OCF_RESKEY_CRM_meta_notify_type}-${OCF_RESKEY_CRM_meta_notify_operation} promote='${OCF_RESKEY_CRM_meta_notify_promote_uname}' demote='${OCF_RESKEY_CRM_meta_notify_demote_uname}' master='${OCF_RESKEY_CRM_meta_notify_master_uname}' slave='${OCF_RESKEY_CRM_meta_notify_slave_uname}' start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi if [ "${OCF_RESKEY_CRM_meta_notify_type}" = 'post' ] ; then # POST- anything notify section case "$OCF_RESKEY_CRM_meta_notify_operation" in -- local rc=$OCF_ERR_GENERIC local LH="${LL} promote:" if ocf_is_true "${OCF_RESKEY_debug}"; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-promote.log env >> /tmp/rmq-promote.log echo "$d [promote] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_monitor; fail rpm-build-vm-checkinstall-1.73-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/vm-run.ci/checkinstall: $ grep /tmp/ /usr/lib/vm-run.ci/checkinstall # Bringing up secondary CPUs" message. ls /dev/kvm set | grep ^LD_ # Simulate filetrigger run find /boot > /tmp/filelist /usr/lib/rpm/posttrans-filetriggers /tmp/filelist rm /tmp/filelist # Remove trigger so it does not re-create '/tmp/vm-ext4.img'. > /usr/lib/rpm/z-vm-createimage.filetrigger kvm-ok timeout 300 vm-run <<-'EOF' uname ! timeout --preserve-status 300 vm-run "true; false; true" || exit 1 timeout 300 vm-run --mem=max free -g timeout 300 vm-run --cpu=max lscpu df -h /tmp timeout 300 vm-run --tmp=max df -h /tmp rm /tmp/vm-tmpfs.qcow2 timeout 300 vm-run --verbose --overlay=ext4 uname -a rmdir /mnt/0 rm /usr/src/ext4.0.img timeout 300 vm-run --rootfs --verbose df rm /tmp/vm-ext4.img timeout 300 vm-run --hvc --no-quiet 'dmesg -r | grep -E "printk:( legacy)? console \[hvc0\] enabled"' timeout 300 vm-run --tcg --mem='' --cpu=1 cat /proc/cpuinfo if [ "$ALT_BRANCH_ID" = sisyphus ]; then rpm -qa PROVIDES=kernel-latest | grep '^kernel-image-' fi # Clean up without '-f' ensures these files existed. rm /tmp/initramfs-*-*-alt*.img # SCRIPT and exit code files form each vm-run invocation. Each SCRIPT file # should correspond to '.ret' file. find /tmp/vm.?????????? -maxdepth 0 | xargs -t -i -n1 rm {} {}.ret; fail scanbuttond-0.2.3-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/scanbuttond/buttonpressed.sh: $ grep /tmp/ /etc/scanbuttond/buttonpressed.sh # $1 ... the button number # $2 ... the scanner's SANE device name, which comes in handy if there are two or # more scanners. In this case we can pass the device name to SANE programs # like scanimage. TMPFILE="/tmp/scan.tiff" LOCKFILE="/tmp/copy.lock" case $1 in 1) echo "button 1 has been pressed on $2" # echo "Error: Another scanning operation is currently in progress" # exit # fi # touch $LOCKFILE # rm -f $TMPFILE scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= gimp /tmp/image.pnm # tiff2ps -z -w 8.27 -h 11.69 $TMPFILE | lpr # rm -f $LOCKFILE # ;; 2) echo "button 2 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm lpr /tmp/image.pnm ;; 3) echo "button 3 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= evolution mailto:?attach=/tmp/image.pnm ;; 4) echo "button 4 has been pressed on $2" ;; esac; fail select-kernel-0.99.2-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/select-kernel: $ grep /tmp/ /usr/sbin/select-kernel message() { printf %s\\n "$PROG: $*" >&2 } debug() { echo "$@" >> /tmp/$PROG.dbg } show_help() { cat << EOF yes= numeric= RELEASE=. FLAVOUR=. CACHE=/tmp/$PROG.$$ trap "rm -f $CACHE" EXIT SIGHUP SIGINT SIGQUIT SIGTERM while [ -n "$1" ]; do if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then show_help; fail spdk-23.09-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/libexec/spdk/scripts/spdx.sh: $ grep /tmp/ /usr/libexec/spdk/scripts/spdx.sh etc usr THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT etc usr (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE etc usr OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. etc/ usr/ END ) > /tmp/c.txt ( cat << 'END' # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # END ) > /tmp/makefile.txt function get_sha() { sha= start=$(cat -n $1 | grep "Redistribution and use" | awk '{print $1}') end=$(cat -n $1 | grep "POSSIBILITY OF SUCH DAMAGE" | head -1 | awk '{print $1}') -- fi count=$((end - start + 1)) sha=$(sed -n "${start},+${count}p" $1 | sha1sum | awk '{print $1}') } intel_c_sha=$(sed 's/__COMPANY__/Intel Corporation/g' /tmp/c.txt | sha1sum | awk '{print $1}') nvidia_c_sha=$(sed 's/__COMPANY__/Nvidia Corporation/g' /tmp/c.txt | sha1sum | awk '{print $1}') samsung_c_sha=$(sed 's/__COMPANY__/Samsung Electronics Co., Ltd./g' /tmp/c.txt | sha1sum | awk '{print $1}') eideticom_c_sha=$(sed 's/__COMPANY__/Eideticom Inc/g' /tmp/c.txt | sha1sum | awk '{print $1}') generic_c_sha=$(sed 's/__COMPANY__/the copyright holder/g' /tmp/c.txt | sha1sum | awk '{print $1}') for f in $(git ls-files '**/*.c' '**/*.cpp' '**/*.h' '**/*.cc' '**/*.go'); do get_sha $f if [[ $sha == "$intel_c_sha" ]] \ || [[ $sha == "$nvidia_c_sha" ]] \ -- sed -i '1 i /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /media /mnt /opt /proc /reboot /root /run /sbin /selinux /srv /sys /tmp /urn:fontconfig:fonts.dtd /usr /var SPDX-License-Identifier: BSD-3-Clause' $f fi done intel_makefile_sha=$(sed 's/__COMPANY__/Intel Corporation/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') nvidia_makefile_sha=$(sed 's/__COMPANY__/Nvidia Corporation/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') samsung_makefile_sha=$(sed 's/__COMPANY__/Samsung Electronics Co., Ltd./g' /tmp/makefile.txt | sha1sum | awk '{print $1}') eideticom_makefile_sha=$(sed 's/__COMPANY__/Eideticom Inc/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') generic_makefile_sha=$(sed 's/__COMPANY__/the copyright holder/g' /tmp/makefile.txt | sha1sum | awk '{print $1}') for f in $(git ls-files CONFIG MAKEFILE '**/*.mk' '**/Makefile'); do get_sha $f if [[ $sha == "$intel_makefile_sha" ]] \ || [[ $sha == "$nvidia_makefile_sha" ]] \; fail startup-rescue-0.50-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/rc.d/rc.sysinit.rescue: $ grep /tmp/ /etc/rc.d/rc.sysinit.rescue # Ensure plymouth is not running killall plymouthd >/dev/null 2>&1 remount_aufs() { [ "$1" ] || return 0 mkdir "/tmp/root$1" mount -n -t aufs -o dirs="/tmp/root$1=rw:$1=ro" "/tmp/root$1" "$1" } # Avoid double-aufs/overlayfs attempt if ! grep -qE "^overlay|/ aufs" /proc/mounts; then for mpoint in /etc /var /lib /bin /sbin /home /root /mnt; do -- action "Mounting efivars filesystem:" mount -t efivarfs none /sys/firmware/efi/efivars fi # run tmpfiles.d scripts if systemd_tmpfiles="$(find_util systemd-tmpfiles)"; then "$systemd_tmpfiles" --clean >/tmp/tmpfiles.log 2>&1 "$systemd_tmpfiles" --remove --create --boot --exclude-prefix=/dev >>/tmp/tmpfiles.log 2>&1 fi # Recover mdadm.conf if it's been changed above if [ -s "$MDCONF" ]; then sed -i 's,^DEVICE /dev/null,DEVICE partitions,' "$MDCONF"; fail volumes-profile-alt-server-v-1.1-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/10-vm-profile.sh: $ grep /tmp/ /usr/share/install2/initinstall.d/10-vm-profile.sh #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } ROOT_MIN=7 # In Gb VAR_MIN=1 # In Gb mem="$(sed '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB; fail xfce4-genmon-plugin-4.2.0-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/twit: $ grep /tmp/ /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/twit # Default Font = (your choice) # ############################################## ### configurable parameters # debug mode (logged to /tmp/twit-log if set to 1) DEBUG=0 # location of t TWIT_CMD="/home/toz/.gem/ruby/2.4.0/bin/t" # # open twitter in browser window #CLICK_ACTION="xdg-open https://www.twitter.com" # display list of recent tweets in yad dialog CLICK_ACTION="yad --window-icon=$NOTIFICATION_ICON --title Recent\ Twitter\ Timeline --center --width=1200 --height=500 --text-info --show-uri --filename=/tmp/.twit-all-output" # compose a new tweet (untested) #TWEET=$(yad --title "Compose a new message..." --height=200 --width=300 --text-info --editable --wrap) #CLICK_ACTION="t update '$TWEET'" -- ############################################## # don't change anything below ############################################## # check to see if .lastid is valid and if not reset [[ $(cat /tmp/.lastid) =~ ^[0-9]+$ ]] || rm /tmp/.lastid # get last processed ID and timeline if [ -s /tmp/.lastid ] then LASTID=$(cat /tmp/.lastid) $TWIT_CMD timeline -lr -s $LASTID > /tmp/.twit else $TWIT_CMD timeline -lr > /tmp/.twit fi [ $DEBUG -eq 1 ] && echo "01 .lastid=$(cat /tmp/.lastid)" > /tmp/twit-log [ $DEBUG -eq 1 ] && echo "02 LASTID=$LASTID" >> /tmp/twit-log sleep 1 # save the last processed ID cat /tmp/.twit | tail -1 | awk '{print $1}' > /tmp/.lastid if [ ! -s /tmp/.lastid ] then echo $LASTID > /tmp/.lastid fi [ $DEBUG -eq 1 ] && echo "03 new.lastid=$(cat /tmp/.lastid)" >> /tmp/twit-log # get number of new tweets num_tweets=$(cat /tmp/.twit | wc -l) [ $DEBUG -eq 1 ] && echo "04 num_tweets=$num_tweets" >> /tmp/twit-log # get the contents of the new tweets mapfile -t ids < <(awk '{print $1}' /tmp/.twit) mapfile -t from < <(awk '{print $5}' /tmp/.twit) mapfile -t text < <(awk '{for(i=6;i<=NF;i++){printf "%s ", $i}; printf "\n"}' /tmp/.twit) toolstr=$(for (( i=0; i<$num_tweets; i++ )); do echo "${from[i]} >> ${text[i]}"; echo ""; done) [ $DEBUG -eq 1 ] && echo "05 toolstr=$toolstr" >> /tmp/twit-log ##### set default plugin icon file and notify of new tweets #set default icon file to no new emails ICON_FILE="$NOTWEETS" [ $DEBUG -eq 1 ] && echo "06 ICON_FILE=$ICON_FILE" >> /tmp/twit-log if [ $num_tweets -gt 0 ]; then [ $DEBUG -eq 1 ] && echo "07 num_tweets > 0" >> /tmp/twit-log # set icon file to new emails image ICON_FILE="$NEWTWEETS" [ $DEBUG -eq 1 ] && echo "08 ICON_FILE=$ICON_FILE" >> /tmp/twit-log for (( i=0; i<$num_tweets; i++ )) do [ $DEBUG -eq 1 ] && echo "09 sending notification" >> /tmp/twit-log notify-send -i "$NOTIFICATION_ICON" "$(echo ${from[i]} | sed -r 's/[&]+/&/g')" "$(echo ${text[i]} | sed -r 's/[&]+/&/g')" done fi # append current to the all file if [ -s /tmp/.twit-all ] then cat /tmp/.twit /tmp/.twit-all > /tmp/.twit-tmp && mv /tmp/.twit-tmp /tmp/.twit-all else cat /tmp/.twit > /tmp/.twit-tmp && mv /tmp/.twit-tmp /tmp/.twit-all fi # format the output cat /tmp/.twit-all | awk '{ printf("%s %- 16s", $4, $5); out=$6; for(i=7;i<=NF;i++){out=out" "$i}; print out}' > /tmp/.twit-all-output # get last checked time stamp last_checked=$(date) # prepare tooltip string (to show last NUM_TOOLTIP_TWEETS) if [ -s /tmp/.twit-all ] then mapfile -t from2 < <(awk '{print $5}' /tmp/.twit-all) mapfile -t text2 < <(awk '{for(i=6;i<=NF;i++){printf "%s ", $i}; printf "\n"}' /tmp/.twit-all) toolstr2=$(for (( i=$num_tweets; i<$NUM_TOOLTIP_TWEETS; i++ )); do if [ "${from2[i]}" != "" ]; then echo "${from2[i]} >> ${text2[i]}"; echo ""; fi; done) fi [ $DEBUG -eq 1 ] && echo "10 toolstr2=$toolstr2" >> /tmp/twit-log ##### do the genmon if [ $TOOLTIP_NEW_TWEETS_ONLY -eq 0 ] then if [ $num_tweets -gt 0 ] then [ $DEBUG -eq 1 ] && echo "11 genmon:num_tweets > 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION New tweets: -- $toolstr2 Last checked: $last_checked" else [ $DEBUG -eq 1 ] && echo "12 genmon:num_tweets = 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION Recent tweets: -- else if [ $num_tweets -gt 0 ] then [ $DEBUG -eq 1 ] && echo "11 genmon:num_tweets > 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION New tweets: $toolstr Last checked: $last_checked" else [ $DEBUG -eq 1 ] && echo "12 genmon:num_tweets = 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION No new tweets. -- fi fi [ $DEBUG -eq 1 ] && echo "13 $(date)" >> /tmp/twit-log # purge old tweets from list KEEPEPOCHLIMIT=$(( $(date +%s) - $KEEP_TIME )) while IFS= read -r line do if [[ $(date --date="$(echo "$line" | awk '{print $2" "$3" "$4}')" +%s) -gt $KEEPEPOCHLIMIT ]] then echo "$line" >> /tmp/.twit-all.new fi done < "/tmp/.twit-all" mv /tmp/.twit-all.new /tmp/.twit-all unset ids from text from2 text2 exit 0 Found error in /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/gmail: $ grep -A5 -B5 /tmp/ /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/gmail ############################################## # don't change anything below ############################################## # get and save the atom feed curl -u "$USERNAME":"$PASSWORD" --silent "https://mail.google.com/mail/feed/atom" > /tmp/.gmail # get number of unread messages num_messages=$(grep -oP "(?<=)[^<]+" /tmp/.gmail) # get last checked time last_checked=$(grep -oP "(?<=)[^<]+" /tmp/.gmail | TZ=$TIMEZONE date +'%r') # get ids, senders and subjects mapfile -t ids < <(grep -oP "(?<=)[^<]+" /tmp/.gmail | awk -F":" '{print $3}') mapfile -t names < <(grep -oP "(?<=)[^<]+" /tmp/.gmail) mapfile -t subjects < <(grep -oP "(?<=)[^<]+" /tmp/.gmail | grep -v Gmail) # prepare tooltip string out=$(for (( i=0; i<$num_messages; i++ )); do echo "${names[i]} - ${subjects[i]}#"; done) toolstr="$(echo $out | sed -e 's/\# /\n/g' | sed -e 's/\#//g')" # check to see if there are new, new messages (only notify if something new has arrived) new_msgs=0 if [ $num_messages -gt 0 ]; then if [ -a /tmp/.gmail.lastid ]; then if [ "${ids[0]}" != "$(cat /tmp/.gmail.lastid)" ]; then echo ${ids[0]} > /tmp/.gmail.lastid let new_msgs=1 fi else echo ${ids[0]} > /tmp/.gmail.lastid let new_msgs=1 fi fi; info menu-2.1.41-alt24.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/menu-2.1.41/examples/cat: $ grep /tmp/ /usr/share/doc/menu-2.1.41/examples/cat #!/bin/sh cat > /tmp/menu-stdin exit 0 #In the good old days of menu-0 compatibility, one had to use: # #This file can be very usefull when you want to run one particular # #menu-method file several times, without running any of the others. # #In order to do so, do: # # - cp ./cat /etc/menu-methods/ # # - run update-menus so that the "cat" menu-method gets executed. # # Now you've got /tmp/menu-stdin. # # - With this file, you don't need update-menus at all any more, and you # # can symply run your hand-written "menu-test" menu-method by typing: # # ./menu-test < /tmp/menu-stdin # # # # The advantage of doing this is # # - none of the other menu-method files get excecuted (speedup) # # - update-menus doesn't need to open some hundred menu-entry files # # every time you test a change in your menu-method file. # # (speedup) # compat="menu-1" # command="cat > /tmp/menu-stdin"; info python3-module-dialog-3.4.0-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \ Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \;