installer-alterator-pkg-3.1.8-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/pkg-size: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/pkg-size echo "pkg-size:start" echo "$in_lists" > /var/lib/installer-alterator-pkg/pkg-list local tmpfile="$(make_manifest ${in_lists//;/ })" if [ -s "$tmpfile" ]; then stderr_handler & echo "n"|apt-get --simple-output install --manifest "$tmpfile" 2>> /tmp/install2.log || rc=$? else echo "apt-get:status:disk-size:0k" fi rm -f "$tmpfile" # ignore the no free space error before partitioning the disk local no_space_err_msg="E: You don't have enough free space in " if [[ ! -e /tmp/fstab && "$(tail -n 1 /tmp/install2.log)" == "$no_space_err_msg"* && "$rc" == "100" ]]; then rc=1 fi echo "pkg-size:finish:$rc" } Found error in /usr/lib/alterator/backend3/pkg-install: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/pkg-install write) [ -z "$AUTOINSTALL" ] || in_auto='#t' case "$in__objects" in /) if test_bool "$in_auto"; then make_apt < /dev/null &> /tmp/pkg-install.log else start_pipe &> /tmp/pkg-install.log fi ;; notify) write_pipe "$in_message" ;;;