tcl-httpd-manual-3.5.1-alt1.qa1.x86_64	unsafe-tmp-usage-in-scripts	info	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/tcl-httpd-3.5.1/htdocs/cgi-bin/wiki.cgi: $ grep -A5 -B5 /tmp/ /usr/share/doc/tcl-httpd-3.5.1/htdocs/cgi-bin/wiki.cgi cd ~welch/kit WIKIT_BASE=http://medlicott.panasas.com:8015/wiki export WIKIT_BASE echo $SCRIPT_NAME > /tmp/wiki.log echo HTTP/1.0 200 ok if [ ! -f /usr10/home/welch/kit/tclkit-linux-i686 ]; then echo "wiki.cgi not configured"; 
tcl-httpd-server-3.5.1-alt1.qa1.x86_64	init-but-no-native-systemd	info	The package have SysV init script(s) but no native systemd files.; 
tcl-httpd-server-3.5.1-alt1.qa1.x86_64	init-lsb	fail	/etc/rc.d/init.d/tclhttpd: not systemd compatible: lsb init header missing and tclhttpd.service is not present.  See http://www.altlinux.org/Services_Policy for details.; 
tcl-httpd-server-3.5.1-alt1.qa1.x86_64	subdir-in-var-run	info	Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.;