perl-Image-ParseGIF-0.2-alt1.noarch	unsafe-tmp-usage-in-scripts	info	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/perl-Image-ParseGIF-0.2/examples/main.cgi: $ grep -A5 -B5 /tmp/ /usr/share/doc/perl-Image-ParseGIF-0.2/examples/main.cgi if ($key eq '') # new request, send status page, and write progress to pipe { $key = 3; #URI::Escape::uri_escape(rand(1<<31)); # create a named pipe with which to talk to the status script system('mkfifo', "/tmp/status.$key"); $SIG{PIPE} = 'IGNORE'; # should check $! (== EPIPE) after writes print join("\n", ( "Expires: 0", "Pragma: no-cache", -- "<a href=\"main.cgi?key=$key\"><img src=status.cgi?key=$key border=0 width=200 height=40></a>", "<p>", # 'flush' the last paragraph )); # open for reading as well as writing to avoid blocking open(STATUS, "+>/tmp/status.$key"); select(STATUS); $| = 1; flock(STATUS, LOCK_EX); # block the 'Done' step till we are done (below) my $steps = 10; -- else { print "Content-type: text/html\n\n"; # wait till the work is done open(STATUS, "+>/tmp/status.$key"); # just to get a lock unless (flock(STATUS, LOCK_SH|LOCK_NB)) { print "waiting for request to complete...<p>\n"; flock(STATUS, LOCK_SH); } close(STATUS); unlink ("/tmp/status.$key"); print "Done.\n"; };