perl-tagged-0.1-alt1.noarch	unsafe-tmp-usage-in-scripts	info	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/perl-tagged-0.1/examples/tagged.pl: $ grep -A5 -B5 /tmp/ /usr/share/doc/perl-tagged-0.1/examples/tagged.pl next unless defined $info; if (ref $info) { print "$frame $name:\n"; while(my ($key,$val)=each %$info) { if (0==1 && $frame eq "APIC" && $key eq "_Data") { # view pics open (FH, ">/tmp/temp.$v2"); print FH $val; close FH; system("xview /tmp/temp.$v2 &"); #choose this to another program if you want } $val= length($val) ." Bytes" if $key =~ /^_/; # _... means binary data print " usr $key => $val\n" unless $key eq "tagname"; } } else {;