perl-MySQL-Sandbox-scripts-3.0.42-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/test_sandbox: $ grep -A5 -B5 /tmp/ /usr/bin/test_sandbox } sub get_exec_result_qx { my ($cmd) = @_; print "qx(shell) $cmd\n" if $verbose; my $output = qx($cmd 2>/tmp/err$$); if ($?) { die ("error executing $cmd ($!)\n"); } if ( -f "/tmp/err$$") { open my $efh, '<', "/tmp/err$$" or die "can't open /tmp/err$$ ($!)\n"; my $err_output=''; while (my $line = <$efh>) { next if $line =~ /Warning: Using a password/; $err_output .= $line; } close $efh; unlink "/tmp/err$$"; #if ($err_output) #{ # warn "# error executing $cmd\n"; # warn "#$err_output"; #};