fail perl-App-Wallflower-scripts-1.004-alt1.noarch

The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files.

Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.

Found error in /usr/bin/wallflower:

    $ grep -A5 -B5 /tmp/ /usr/bin/wallflower
        /javascripts/jquery.js

    Passing this list to B gives the following result:

        $ wallflower -a bin/app.pl -d /tmp -F urls.txt
        200 / => /tmp/output/index.html [5367]
        200 /404.html => /tmp/output/404.html [499]
        200 /500.html => /tmp/output/500.html [510]
        200 /css/error.css => /tmp/output/css/error.css [1210]
        200 /css/style.css => /tmp/output/css/style.css [2850]
        404 /favicon.ico
        404 /images/perldancer-bg.jpg
        404 /images/perldancer.jpg
        200 /javascripts/jquery.js => /tmp/output/javascripts/jquery.js [248235]

    Note that URLs with a path ending in a C are considered directories and have the default I filename appended, and that wallflower will behave unpredictably if the site contains pages accessible through URLs ending both in F and F. This is arguably a bug, but it's

fail perl-CIPP-3.0.8-alt1.noarch

Found error in /usr/share/perl5/CIPP/Compile/cipp_perlcheck.pl:

    $ grep -A5 -B5 /tmp/ /usr/share/perl5/CIPP/Compile/cipp_perlcheck.pl
        exit 1;
    }

    sub writelog {
        my ($msg) = @_;
        return if not -f "/tmp/do.the.cipp3debug";
        my $date = scalar(localtime(time));
        open (LOG, ">> /tmp/perlcheck.log");
        select LOG; $| = 1; select STDOUT;
        print LOG "-" x 80, "\n";
        print LOG "cipp_perlcheck.pl: $date $$\t$msg\n";
        close LOG;

fail perl-File-SmartTail-scripts-1.0.0-alt1.noarch

Found error in /usr/bin/rtail.pl:

    $ grep -A5 -B5 /tmp/ /usr/bin/rtail.pl
    $args{-statuskey} and push @newargs, '-statuskey' => $args{-statuskey};
    my $tail = new File::SmartTail( @newargs );
    $tail->WatchFile(%args);
    open (STDOUT, ">> /tmp/rtail.out.$$"); # Diagnostics.
    open (STDERR, ">> /tmp/rtail.out.$$"); # Diagnostics.
    chmod( 0700, "/tmp/rtail.out.$$" );
    my $oldfh = select(STDOUT);
    $| = 1;
    select(STDERR);
    $| = 1;
    select($oldfh);
    alarm $timeout;
    my $new_sock = $sock->accept();

fail perl-MySQL-Sandbox-scripts-3.0.42-alt1.noarch

Found error in /usr/bin/test_sandbox:

    $ grep -A5 -B5 /tmp/ /usr/bin/test_sandbox
    }

    sub get_exec_result_qx {
        my ($cmd) = @_;
        print "qx(shell) $cmd\n" if $verbose;
        my $output = qx($cmd 2>/tmp/err$$);
        if ($?) {
            die ("error executing $cmd ($!)\n");
        }
        if ( -f "/tmp/err$$") {
            open my $efh, '<', "/tmp/err$$" or die "can't open /tmp/err$$ ($!)\n";
            my $err_output='';
            while (my $line = <$efh>) {
                next if $line =~ /Warning: Using a password/;
                $err_output .= $line;
            }
            close $efh;
            unlink "/tmp/err$$";
            #if ($err_output)
            #{
            # warn "# error executing $cmd\n";
            # warn "#$err_output";
            #}

fail perl-Net-DSML-0.003-alt1.noarch

Found error in /usr/share/doc/perl-Net-DSML-0.003/Examples/UsingXslt:

    $ grep -A5 -B5 /tmp/ /usr/share/doc/perl-Net-DSML-0.003/Examples/UsingXslt
    }

    # get the return xml content, should be the status of the dsml request.
    $postData = $webdsml->content();
    open(OUT, ">>/tmp/dsml.xml");
    print(OUT $postData);
    close(OUT);
    $xsl = './html_1.xsl';
    $xmlfile = 'file:///tmp/dsml.xml';
    my $xslt = XML::XSLT->new ($xsl);
    $xslt->transform($xmlfile);
    open(OUT, ">>/tmp/dsml.html");
    print( OUT $xslt->toString);
    close(OUT);
    $xslt->dispose();

fail perl-PBS-Client-scripts-0.10-alt1.noarch

Found error in /usr/bin/run:

    $ grep -A5 -B5 /tmp/ /usr/bin/run
    =item (2) Execute C<./a.out -a arg1 -b arg2 arg3>

        run "./a.out -a arg1 -b arg2 arg3"

    =item (3) Execute C<< ./a.out > /tmp/a.dat >>

        run "./a.out > /tmp/a.dat"

    =back

    =head1 REQUIREMENTS

fail perl-Parse-RPN-2.83-alt1.noarch

Found error in /usr/share/perl5/Parse/RPN.pl:

    $ grep -A5 -B5 /tmp/ /usr/share/perl5/Parse/RPN.pl
    sub save {
        my $file = shift;
        my $data = shift;
        print "save file=$file\tdata=$data\n";
        open FILE, ">/tmp/$file";
        print FILE $data;
        close FILE;
    }

    sub restore {
        my $file = shift;
        open FILE, "/tmp/$file";
        my $data = ;
        close FILE;
        print "restore file=$file\tdata=$data\n";
        return $data;
    }

fail perl-kif-2.01-alt1.noarch

Found error in /usr/share/perl5/KIF/Build.pm:

    $ grep -A5 -B5 /tmp/ /usr/share/perl5/KIF/Build.pm
            {
                #
                # Save the current configuration, if any.
                #
                move($_, '/tmp/' . basename($_) . "-$theReleaseTagXXX") if (!$theObject->testFlag()) ;
                $theObject->_print("Moved $_ => /tmp/" . basename($_) . "-$theReleaseTagXXX\n", 1) ;
            } ;
        } ;
        $theObject->run("make distclean") ;
        for ($theIndex = 0; $theIndex < scalar(@theFileList); $theIndex++)
        {
            $_ = '/tmp/' . basename($theFileList[$theIndex]) . "-$theReleaseTagXXX" ;
            if (-e $_)
            {
                #
                # Restore the current configuration, if any.

fail perl-snaked-scripts-0.14-alt1.noarch

Found error in /usr/bin/snaked:

    $ grep -A5 -B5 /tmp/ /usr/bin/snaked
    # Thu Jun 24 10:29:38 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [24836] requested to restart
    # Thu Jun 24 10:29:38 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [24836] stopped
    # Thu Jun 24 10:29:54 2010 [/opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked] [WARN] [29246] snaked is already running: /usr/bin/perl /opt/home/monitor/ps-snake/usr/local/ps-snake/bin/snaked --daemon --cfg /opt/home/monitor/ps-snake/etc/ps-farm/options/ps-snaked [24836]
    #
    # [monitor@orange64 ~]$ uname -a
    # FreeBSD orange64.yandex.ru 7.2-STABLE FreeBSD 7.2-STABLE #0 r199991M: Mon Feb 8 12:50:25 MSK 2010 root@distillatory.yandex.ru:/place/tmp/mk_pkg.wG1LSf1f/obj/place/GIT-repos/FreeBSD-7-r199991/sys/PRODUCTION amd64
    #
    # Proc::ProcessTable 0.54
    #
    $ENV{'snaked_cleanup_already_running'} = 1;
    --
    if ($> eq 0) {
        Yandex::Tools::write_file_scalar($target_dir . "/log", "/var/log/snaked.log\n");
        Yandex::Tools::write_file_scalar($target_dir . "/admin_email", "root\n");
    }
    else {
        Yandex::Tools::write_file_scalar($target_dir . "/log", "/tmp/snaked.log\n");
        Yandex::Tools::write_file_scalar($target_dir . "/admin_email", getpwuid($>) . "\n");
    }

    File::Path::mkpath($target_dir . "/jobs/every_hour");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_hour/execution_schedule", "0 usr usr usr *\n");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_hour/cmd", "uptime >> /tmp/snaked_every_hour\n");
    chmod(0755, $target_dir . "/jobs/every_hour/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/every_hour/cmd" . "]", {'no_log' => 1});

    File::Path::mkpath($target_dir . "/jobs/every_ten_seconds");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_ten_seconds/execution_interval", "10\n");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/every_ten_seconds/cmd", "uptime >> /tmp/snaked_every_ten_seconds\nsleep 2\n");
    chmod(0755, $target_dir . "/jobs/every_ten_seconds/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/every_ten_seconds/cmd" . "]", {'no_log' => 1});

    File::Path::mkpath($target_dir . "/jobs/fast_job");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/execution_interval", "1\n");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/cmd", "uptime >> /tmp/snaked_fast_job\n");
    Yandex::Tools::write_file_scalar($target_dir . "/jobs/fast_job/conflicts", "every_ten_seconds\n");
    chmod(0755, $target_dir . "/jobs/fast_job/cmd") || Yandex::Tools::die("Unable to set permissions on [" . $target_dir . "/jobs/fast_job/cmd" . "]", {'no_log' => 1});

    print "written sample configuration to: $target_dir\n";
    exit(0);

info perl-Image-ParseGIF-0.2-alt1.noarch

Found error in /usr/share/doc/perl-Image-ParseGIF-0.2/examples/main.cgi:

    $ grep -A5 -B5 /tmp/ /usr/share/doc/perl-Image-ParseGIF-0.2/examples/main.cgi
    if ($key eq '') # new request, send status page, and write progress to pipe
    {
        $key = 3; #URI::Escape::uri_escape(rand(1<<31));

        # create a named pipe with which to talk to the status script
        system('mkfifo', "/tmp/status.$key");
        $SIG{PIPE} = 'IGNORE'; # should check $! (== EPIPE) after writes

        print join("\n", (
            "Expires: 0",
            "Pragma: no-cache",
    --
            "",
            "", # 'flush' the last paragraph
        ));

        # open for reading as well as writing to avoid blocking
        open(STATUS, "+>/tmp/status.$key");
        select(STATUS); $| = 1;
        flock(STATUS, LOCK_EX); # block the 'Done' step till we are done (below)

        my $steps = 10;
    --
    else
    {
        print "Content-type: text/html\n\n";

        # wait till the work is done
        open(STATUS, "+>/tmp/status.$key"); # just to get a lock
        unless (flock(STATUS, LOCK_SH|LOCK_NB))
        {
            print "waiting for request to complete...\n";
            flock(STATUS, LOCK_SH);
        }
        close(STATUS);
        unlink ("/tmp/status.$key");

        print "Done.\n";
    }

info perl-tagged-0.1-alt1.noarch

Found error in /usr/share/doc/perl-tagged-0.1/examples/tagged.pl:

    $ grep -A5 -B5 /tmp/ /usr/share/doc/perl-tagged-0.1/examples/tagged.pl
    next unless defined $info;
    if (ref $info) {
        print "$frame $name:\n";
        while(my ($key,$val)=each %$info) {
            if (0==1 && $frame eq "APIC" && $key eq "_Data") {
                # view pics
                open (FH, ">/tmp/temp.$v2");
                print FH $val;
                close FH;
                system("xview /tmp/temp.$v2 &"); #choose this to another program if you want
            }
            $val= length($val) ." Bytes" if $key =~ /^_/; # _... means binary data
            print " usr $key => $val\n" unless $key eq "tagname";
        }
    } else {