perl-File-SmartTail-scripts-1.0.0-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/rtail.pl: $ grep -A5 -B5 /tmp/ /usr/bin/rtail.pl $args{-statuskey} and push @newargs, '-statuskey' => $args{-statuskey}; my $tail = new File::SmartTail( @newargs ); $tail->WatchFile(%args); open (STDOUT, ">> /tmp/rtail.out.$$"); # Diagnostics. open (STDERR, ">> /tmp/rtail.out.$$"); # Diagnostics. chmod( 0700, "/tmp/rtail.out.$$" ); my $oldfh = select(STDOUT); $| = 1; select(STDERR); $| = 1; select($oldfh); alarm $timeout; my $new_sock = $sock->accept();;