cairo-dock-netspeed-3.1.0-alt1.M70P.1.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/cairo-dock/plug-ins/netspeed/netspeed: $ grep -A5 -B5 /tmp/ /usr/share/cairo-dock/plug-ins/netspeed/netspeed # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # http://www.gnu.org/licenses/licenses.html#GPL rm -f /tmp/netspeed #Il est pas beau mon script hein ^^ cat /proc/net/dev | sed -e '{1d;2d;3d}' -e "s/:/é/g" -e "s/ /_/g" -e "s/_*\(.*\)é_*\([0-9][0-9]*\)__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*\([0-9][0-9]*\)__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*__*[0-9][0-9]*/\1>\2>\3/" > /tmp/netspeed echo time >> /tmp/netspeed date +%s%N >> /tmp/netspeed echo stop >> /tmp/netspeed;