eGroupWare-phpsysinfo-1.8-alt5.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/egroupware/phpsysinfo/tools/GenerateCL.sh: $ grep -A5 -B5 /tmp/ /usr/share/egroupware/phpsysinfo/tools/GenerateCL.sh #!/bin/sh # run this in phpsysinfo home dir # rm -f ChangeLog.bak ChangeLog /tmp/xx.txt /tmp/ChangeLog find . -type f | sed -e 's/\.\///g' | grep -v -w CVS | grep -v -x 'config.php'| grep -v '^tools/' | grep -v -x 'genlog.sh' > /tmp/xx.txt cat /tmp/xx.txt | xargs ./tools/cvs2cl.pl -t -f /tmp/ChangeLog sed -e 's/webbie$/webbie (webbie at ipfw dot org)/g' \ -e 's/precision$/precision Uriah Welcome (precision at users.sf.net)/g' \ -e 's/jengo$/jengo Joseph Engo (jengo at users.sf.net)/g' \ -e 's/neostrider$/neostrider Joseph King (neostrider at users.sf.net)/g' \ -e 's/bigmichi1$/bigmichi1 Michael Cramer (bigmichi1 at users.sf.net)/g' \ /tmp/ChangeLog > ChangeLog rm -f /tmp/xx.txt /tmp/ChangeLog;