 |
kismet-common-2010.07.R1-alt1.1.qa1.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/kismet-common-2010.07.R1/old/multi-gpsmap.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/kismet-common-2010.07.R1/old/multi-gpsmap.sh if [[ $lat != 0 ]]; then echo $lat cat > /dev/null break fi done > /tmp/mg$$ latitude=`cat /tmp/mg$$` bc -l << EOF > /tmp/mg$$ scale=3 c(($latitude etc usr 8 etc usr a(1))/360) EOF cos_lat=`cat /tmp/mg$$` rm /tmp/mg$$ awk '/gps-point/ { if ( $3 ~ "source.*" ) { print $6" "$7 } else { print $5" "$6 }}' < $1 | while read line; do eval $line echo $lat $lon done | awk -v cos_lat=$cos_lat -v scale=$scale 'BEGIN {olat=0} |