 |
crossfire-maps-bigworld-1.11.0-alt1.qa1.1.1.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/games/crossfire/maps-bigworld/Info/combine.pl: $ grep -A5 -B5 /tmp/ /usr/share/games/crossfire/maps-bigworld/Info/combine.pl # If we already have a combined image, then we only need to paste # the new bits onto it, saving a bunch of time if (! -f "images/combine.ppm") { system("ppmmake \\#000 $DEST_WIDTH $DEST_HEIGHT > /tmp/tmp.ppm"); $first_run=1; print "Creating images for the first time.\n"; } else { system("cp images/combine.ppm /tmp/tmp.ppm"); $first_run=0; } print "Processing."; for ($x=0; $x<$NUM_X; $x++) { -- if ($time1 > $time2) { $cmd = $CFEDITOR; $cmd =~ s#%I#$cwd/world/world_$dx\_$dy#; $cmd =~ s#%O#$cwd/images/world_$dx\_$dy.png#; system($cmd); system("pngtopnm images/world_$dx\_$dy.png | pnmscale -xysize $TILE_WIDTH $TILE_HEIGHT > /tmp/ppm.tmp"); $sx = $x etc usr var $TILE_WIDTH; $sy = $y etc usr var $TILE_HEIGHT; system("pnmpaste /tmp/ppm.tmp $sx $sy /tmp/tmp.ppm > /tmp/tmp.ppm1"); unlink("/tmp/tmp.ppm"); rename("/tmp/tmp.ppm1", "/tmp/tmp.ppm"); } } } system("mv /tmp/tmp.ppm images/combine.ppm"); print "\n"; |