perl-kif-2.01-alt1.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/perl5/KIF/Build.pm: $ grep -A5 -B5 /tmp/ /usr/share/perl5/KIF/Build.pm { # # Save the current configuration, if any. # move($_, '/tmp/' . basename($_) . "-$theReleaseTagXXX") if (!$theObject->testFlag()) ; $theObject->_print("Moved $_ => /tmp/" . basename($_) . "-$theReleaseTagXXX\n", 1) ; } ; } ; $theObject->run("make distclean") ; for ($theIndex = 0; $theIndex < scalar(@theFileList); $theIndex++) { $_ = '/tmp/' . basename($theFileList[$theIndex]) . "-$theReleaseTagXXX" ; if (-e $_) { # # Restore the current configuration, if any.;