|
pyrpm-0.69-alt2.1.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/pyrpmkickstart: $ grep -A5 -B5 /tmp/ /usr/bin/pyrpmkickstart return 1 source_dir = stage2_dir+"/mnt/source" target_dir = stage2_dir+"/mnt/sysimage" repos_dir = stage2_dir+"/mnt/repos" # nfs repo base directory cache_dir = stage2_dir+"/tmp/cache" # create mount points create_dir("", source_dir) create_dir("", target_dir) create_dir("", repos_dir) -- # create cache dir pyrpm.rpmconfig.cachedir = cache_dir # global logging create_dir(tempdir, "/tmp") log_filename = tempdir+"/tmp/pyrpmkickstart.log" log_file = pyrpm.logger.FileLog(log_filename) log.info1("Logging to '%s'.", log_filename) log.addInfoLogging("*", log_file, fmt="%(date)s %(label)s%(message)s") log.addDebugLogging("*", log_file, fmt="%(date)s %(label)s%(message)s") # set extra file logging -- del t # create temporary devices which are usable by grub (hda, hda1, ..) devmap = { } # device mapping for disk in hds: dev = "/tmp/%s" % disk copy_device(diskmap[disk]["device"], target_chroot, source_dir=stage2_dir, target=dev) devmap[diskmap[disk]["device"]] = dev for onpart in partitionmap: if partitionmap[onpart].has_key("raid"): pass elif partitionmap[onpart].has_key("volgroup"): # already done pass else: dev = "/tmp/%s%d" % (partitionmap[onpart]["disk"], partitionmap[onpart]["id"]) copy_device(partitionmap[onpart]["device"], target_chroot, source_dir=stage2_dir, target=dev) devmap[partitionmap[onpart]["device"]] = dev -- if not create_file(target_chroot, "/boot/grub/devices.map", content): return 1 # grub setup content = [ '/sbin/grub --batch >/tmp/grub-setup.log <
|