antmon-actionrrd-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
antmon-actionrrd-3.2-alt5.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.
    Found error in /usr/lib/antmon/action-logrrd:
    $ grep -A5 -B5 /tmp/ /usr/lib/antmon/action-logrrd
    # use Fcntl; use RRDs; open STDERR, ">/tmp/rrderr"; die "Usage: log_packer.pl logdir [interval [tmout [type [datatype [num_to_store [num_to_sum]]]]]]\n" if @ARGV<1; my $dir=shift @ARGV; die "No such dir: $dir\n" unless -d $dir;;
antmon-actionxmlrpc-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
antmon-agent-3.2-alt5.x86_64 init-lsb warn /etc/rc.d/init.d//antmon-agent: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.;
antmon-agent-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
antmon-cleo-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
antmon-http-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
antmon-server-3.2-alt5.x86_64 init-lsb warn /etc/rc.d/init.d//antmon: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.;
antmon-server-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
antmon-snmp-3.2-alt5.x86_64 missing-url info Missing Url: in a package.;
cleo-agent-5.13a-alt2.1.x86_64 init-condrestart warn /etc/rc.d/init.d/cleo-mon: missing condrestart target. Note: alt-specific script %_sbindir/post_service (used in %post_service macro) depends on condrestart. It is wise to add condrestart anyway. /etc/rc.d/init.d/cleo-mon: missing condstop target. Note: alt-specific script %_sbindir/preun_service (used in %preun_service macro) depends on condstop. It is wise to add condstop anyway.;
cleo-agent-5.13a-alt2.1.x86_64 init-lsb warn /etc/rc.d/init.d//cleo-mon: strange executable: neither lsb header nor chkconfig header aren't found. See http://www.altlinux.org/Services_Policy for details.;
cleo-agent-5.13a-alt2.1.x86_64 missing-url info Missing Url: in a package.;
cleo-agent-5.13a-alt2.1.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.
    Found error in /usr/sbin/cleo-mon:
    $ grep -A5 -B5 /tmp/ /usr/sbin/cleo-mon
    $log_file, O_LARGEFILE | O_WRONLY | O_APPEND | O_CREAT ) ) { do_syslog("Cannot open '$log_file' ($!). Try /tmp"); unless ( $STATUS->open( "/tmp/cleo-mon.log", O_LARGEFILE | O_WRONLY | O_APPEND | O_CREAT ) ) { do_syslog("Cannot open /tmp/cleo-mon.log ($!). Try /dev/null"); $STATUS->open( "/dev/null", O_WRONLY ); } } $STATUS->autoflush(1);
    --
    } exit 0 unless defined $p; exit 0 if ( $p != 0 ); if (1) { # || POSIX::setsid()!=-1) { unlink "/tmp/q-launch.$id"; # delete possible symlink open X, ">/tmp/q-launch.$id" or exit(1); # create 'lock-file' close X; for ( ; $time > 0; --$time ) { sleep 1; exit(0) unless -f "/tmp/q-launch.$id"; # exit, if launch is not nessesary } unlink "/tmp/q-launch.$id"; # delete 'lock-file' qlog "LAUNCHING($p) '$prog'\n"; # eval { close $LST; }; # eval { close $To_server; }; # eval { close $From_server; }; # eval { close $SH; };
    --
    register_mon_rcv( 'internal_info', \&int_info_handler ); register_mon_rcv( 'signal', \&signal_handler ); unless ( open( PID, ">/var/run/qmon.pid" ) ) { # or die "Cannot write pid to /var/run/qmon.pid!\n"; open( PID, ">/tmp/qmon.pid" ); } print PID $$; close PID; #####################################################################
    --
    # eval { close $From_server; }; # eval { close $To_server; }; $SRV->disconnect; # close $STATUS; # $STATUS=new IO::File(">/tmp/qqq"); qlog "Opening stdin ($args->{stdin})\n"; if ( ( $args->{stdin} =~ /\S/ ) && ( $args->{stdin} ne '-' ) ) { qlog "Opening stdin ($args->{stdin})!!!!\n"; $args->{stdin} =~ tr/\|\`\&\#\$\@\<\>//;;
cleo-common-5.13a-alt2.1.x86_64 missing-url info Missing Url: in a package.;
cleo-server-5.13a-alt2.1.x86_64 init-condrestart warn /etc/rc.d/init.d/cleo: missing condrestart target. Note: alt-specific script %_sbindir/post_service (used in %post_service macro) depends on condrestart. It is wise to add condrestart anyway. /etc/rc.d/init.d/cleo: missing condstop target. Note: alt-specific script %_sbindir/preun_service (used in %preun_service macro) depends on condstop. It is wise to add condstop anyway.;
cleo-server-5.13a-alt2.1.x86_64 init-lsb warn /etc/rc.d/init.d//cleo: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.;
cleo-server-5.13a-alt2.1.x86_64 missing-url info Missing Url: in a package.;
libstatgrab-0.16-alt1.qa1.1.x86_64 library-pkgnames-static warn package contains static library which has the same name as a shared library in the repository, but neither package name ends with -devel-static according to http://altlinux.org/Drafts/SharedLibs nor the package explicitly conflicts with the package with .so library;