|
mstflint-1.4-alt2.qa1.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test found scripts that use temporary files unsafely, in a way that a local user could exploit to damage important system files. For example, if a script works with a temp file that it creates in the /tmp directory under a fixed or predictable name, any user can create a symlink with that name (or matching that pattern) in /tmp beforehand; the script then follows the symlink and destroys or overwrites a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a per-user subdirectory of /tmp that is accessible only by that user, and then sets TMPDIR and other variables to point to it. Hence, it matters much less if you create a non-random filename there, because nobody but you can access it.
Found error in /usr/bin/hca_self_test.ofed: the script redirects command output to the fixed names /tmp/hca_self_test_modprobe.output and /tmp/hca_self_test_dmesg.output, as the excerpt below shows.
$ grep -A5 -B5 /tmp/ /usr/bin/hca_self_test.ofed
fi # Check host driver initialization HOST_DRIVER_INIT=0 if [ $NUM_HCAS -ne 0 ] && [ $RPM_CHECK_FAIL -eq 0 ]; then MODPROBE_OUT_FILE="/tmp/hca_self_test_modprobe.output" # Save the output of modprobe ib_ipoib in a tmp file modprobe ib_ipoib &> $MODPROBE_OUT_FILE let RET_CODE=$? if [ $RET_CODE -eq 0 ]; then echo -e "Host Driver Initialization ............. ${green}PASS" -- # Kernel syslog check # Save the output of dmesg in a tmp file if [ $HOST_DRIVER_INIT -eq 1 ]; then dmesg > /tmp/hca_self_test_dmesg.output VAPI_ERROR_COUNT=`egrep oom-\|"Out of Memory"\|tsIb\|VAPI\|THH_\|THHUL\|KERNEL_IB\|IB_NET\|MOD_LNX_SDP /tmp/hca_self_test_dmesg.output 2> /dev/null | grep -v 'SOCK: GETSOCKOPT unimplemented option <2>' | wc -l` OOPS_COUNT=`grep Oops /tmp/hca_self_test_dmesg.output 2> /dev/null | wc -l` KERNEL_PANIC_COUNT=`grep "Kernel panic" /tmp/hca_self_test_dmesg.output 2> /dev/null | wc -l` if [ $VAPI_ERROR_COUNT -eq 0 ] && [ $OOPS_COUNT -eq 0 ] && [ $KERNEL_PANIC_COUNT -eq 0 ]; then echo -e "Kernel Syslog Check .................... ${green}PASS" tput sgr0 else echo -e "Kernel Syslog Check .................... 
${red}FAIL" tput sgr0 EXIT_CODE=1 if [ $OOPS_COUNT -ne 0 ]; then echo " REASON: Kernel syslog reported: Oops " grep Oops /tmp/hca_self_test_dmesg.output | uniq | awk -F'\n' '{print " " $1 }' fi if [ $KERNEL_PANIC_COUNT -ne 0 ]; then echo " REASON: Kernel syslog reported: Kernel panic " grep "Kernel panic" /tmp/hca_self_test_dmesg.output | uniq | awk -F'\n' '{print " " $1 }' fi if [ $VAPI_ERROR_COUNT -ne 0 ]; then echo " REASON: Kernel syslog reported: Driver messages " egrep oom-\|"Out of Memory"\|tsIb\|VAPI\|THH_\|THHUL\|KERNEL_IB\|IB_NET\|MOD_LNX_SDP /tmp/hca_self_test_dmesg.output | grep -v 'SOCK: GETSOCKOPT unimplemented option <2>' | uniq | awk -F'\n' '{print " " $1 }' fi fi else echo "Kernel Syslog Check .................... NA" fi -- done fi echo "------------------ DONE ---------------------" echo #rm -f /tmp/hca_self_test_modprobe.output rm -f /tmp/hca_self_test_dmesg.output exit $EXIT_CODE |