perl-snaked-scripts-0.14-alt1.noarch unsafe-tmp-usage-in-scripts fail

The test discovered scripts with errors which a user may exploit to damage important system files. For example, if a script works with a temp file created in the /tmp directory, any user can create symlinks with the same name (pattern) in that directory in order to destroy or overwrite system files or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.

Found error in /usr/bin/snaked:

$ grep -A5 -B5 /tmp/ /usr/bin/snaked
# Thu Jun 24 10:29:38 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [24836] requested to restart
# Thu Jun 24 10:29:38 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [24836] stopped
# Thu Jun 24 10:29:54 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [WARN] [29246] snaked is already running: /usr/bin/perl /opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked --daemon --cfg /opt/home/monitor/ps-snake/etc/ps-farm/options/ps-snaked [24836]
#
# [monitor@orange64 ~]$ uname -a
# FreeBSD orange64.yandex.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r199991M: Mon Feb 8 12:50:25 MSK 2010 root@distillatory.yandex.ru:/place/tmp/mk_pkg.wG1LSf1f/obj/place/GIT-repos/FreeBSD-7-r199991/sys/PRODUCTION amd64
#
# Proc::ProcessTable 0.54
#
$ENV{'snaked_cleanup_already_running'} = 1;
--
if ($> eq 0) {
    Yandex::Tools::write_file_scalar($target_dir . "/log", "/var/log/snaked.log\n");
    Yandex::Tools::write_file_scalar($target_dir . "/admin_email", "root\n");
}
else {
    Yandex::Tools::write_file_scalar($target_dir . "/log", "/tmp/snaked.log\n");
    Yandex::Tools::write_file_scalar($target_dir . "/admin_email", getpwuid($>) . "\n");
}

File::Path::mkpath($target_dir . "/jobs/every_hour");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_hour/execution_schedule", "0 usr usr usr *\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_hour/cmd", "uptime >> /tmp/snaked_every_hour\n");
chmod(0755, $target_dir . "/jobs/every_hour/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/every_hour/cmd" . "]", {'no_log' => 1});

File::Path::mkpath($target_dir . "/jobs/every_ten_seconds");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_ten_seconds/execution_interval", "10\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_ten_seconds/cmd", "uptime >> /tmp/snaked_every_ten_seconds\nsleep 2\n");
chmod(0755, $target_dir . "/jobs/every_ten_seconds/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/every_ten_seconds/cmd" . "]", {'no_log' => 1});

File::Path::mkpath($target_dir . "/jobs/fast_job");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/execution_interval", "1\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/cmd", "uptime >> /tmp/snaked_fast_job\n");
Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/conflicts", "every_ten_seconds\n");
chmod(0755, $target_dir . "/jobs/fast_job/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/fast_job/cmd" . "]", {'no_log' => 1});

print "written sample configuration to: $target_dir\n";
exit(0);;