)[^<]+" /tmp/.gmail | grep -v Gmail) # prepare tooltip string out=$(for (( i=0; i<$num_messages; i++ )); do echo "${names[i]} - ${subjects[i]}#"; done) toolstr="$(echo $out | sed -e 's/\# /\n/g' | sed -e 's/\#//g')" # check to see if there are new, new messages (only notify if something new has arrived) new_msgs=0 if [ $num_messages -gt 0 ]; then if [ -a /tmp/.gmail.lastid ]; then if [ "${ids[0]}" != "$(cat /tmp/.gmail.lastid)" ]; then echo ${ids[0]} > /tmp/.gmail.lastid let new_msgs=1 fi else echo ${ids[0]} > /tmp/.gmail.lastid let new_msgs=1 fi fi; info bash3-examples-3.2.57-alt5.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bash3-3.2.57/examples/scripts/bcsh.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/scripts/bcsh.sh ;; esac trap ':' 2 trap exit 3 trap "tail -n $savehist $histfile>/tmp/hist$$;uniq /tmp/hist$$ > $histfile;\ rm -f /tmp/*$$;exit 0" 15 getcmd=yes mailcheck= exclaim= echoit= -- while test "$line" != "end"; do echo $n "$PS2$c" read line cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ ed - /tmp/bcsh$$ << ++++ s/end/done/ s/foreach[ ]$.*$(/for \1 in / s/)// s/;/;do / w -- line=done ;; esac cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ ;; if[\ \ ]*) while test "$line" != "fi" && test "$line" != "endif" do echo $n "$PS2$c" -- line=fi ;; esac cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ case "`grep then /tmp/bcsh$$`" in "") # fix 'if foo bar' cases ed - /tmp/bcsh$$ << ++++ s/)/);then/ s/.*/;fi/ w ++++ ;; -- echo $n "$PS2$c" read line cmd="${cmd}@$line" done cmd="`echo \"$cmd\" | tr '@' ' '`" echo "$cmd" > /tmp/bcsh$$ ;; switch[\ \ ]*) while test "$line" != "endsw" do echo $n "$PS2$c" read line cmd="${cmd}@$line" done echo "$cmd" > /tmp/bcsh$$ ed - /tmp/bcsh$$ << '++++' 1,$s/@/\ /g g/switch.*(/s//case "/ s/)/" in/ 1,$s/case[ ]$.*$:$/;;\ -- g/breaksw/s/// 1,$s/default.*/;;\ *)/ w ++++ cmd="`cat /tmp/bcsh$$`" ;; *!*) hist=yes ;; esac -- echoit=yes getcmd=no continue ;; *~e) echo "$cmd" | sed -e "s@~e@@" > /tmp/bcsh$$ $EDITOR /tmp/bcsh$$ cmd="`cat /tmp/bcsh$$`" getcmd=no continue ;; *~v) echo "$cmd" | sed -e "s@~v@@" > /tmp/bcsh$$ echo "$lastcmd" > /tmp/bcsh$$ $VISUAL /tmp/bcsh$$ cmd="`cat /tmp/bcsh$$`" getcmd=no continue ;; exec[\ \ ]*) tail -n $savehist $histfile>/tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ ;; login[\ \ ]*|newgrp[\ \ ]*) tail -n $savehist $histfile>/tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ ;; logout|exit|bye) if test -s "$logoutfile" then # sh $logoutfile $SHELL $logoutfile fi tail -n $savehist $histfile > /tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ exit 0 ;; h|history) grep -n . $histfile | tail -n $history | sed -e 's@:@ @' | $PAGER continue -- continue ;; source[\ \ ]*) set - $cmd shift echo . $* > /tmp/cmd$$ . /tmp/cmd$$ run=no ;; wait) wait run=no ;; .[\ \ ]*) echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ run=no ;; cd|cd[\ \ ]*) # check if it will work first, or else this shell will terminate # if the cd dies. If you have a built-in test, you might want # to replace the try-it-and-see below with a couple of tests, # but it is probably just as fast like this. echo $cmd > /tmp/cmd$$ if ($SHELL /tmp/cmd$$) ; then . /tmp/cmd$$ fi run=no ;; awk[\ \ ]*|dd[\ \ ]*|cc[\ \ ]*|make[\ \ ]*) # these are the only commands I can think of whose syntax # includes an equals sign. Add others as you find them. echo "$cmd" > /tmp/bcsh$$ ;; setenv*|*=*) # handle setting shell variables, turning cshell syntax to Bourne # syntax -- note all variables must be exported or they will not # be usable in other commands echo "$cmd" > /tmp/cmd$$ ed - /tmp/cmd$$ << ++++ g/^setenv[ ]/s/[ ]/@/ g/^setenv@/s/[ ]/=/ g/^setenv@/s/// g/^set/s/// .t. \$s/=.*// s/^/export / w ++++ . /tmp/cmd$$ rm -f /tmp/cmd$$ run=no ;; unset[\ \ ]*|umask[\ \ ]*|export[\ \ ]*|set[\ \ ]*) # handle commands which twiddle current environment -- continue ;; esac ;; *) echo "$cmd" > /tmp/bcsh$$ ;; esac ;; no) echo "$cmd" > /tmp/bcsh$$ ;; esac ;; esac -- ;; *) case "$exclaim" in yes) cmd="`echo \"$cmd\" | sed -e 's@REALEXCLAMATIONMARK@!@g'`" echo "$cmd" > /tmp/bcsh$$ ;; esac case "$echoit" in yes) echo $cmd -- yes) case "${noclobber+yes}" in yes) case "$cmd" in *\>![\ \ ]*) ed - /tmp/bcsh$$ << ++++ g/>!/s//>/ w ++++ ;; *\>\>*) -- read answer case "$answer" in y*) ;; *) echo ':' > /tmp/bcsh$$ ;; esac ;; *) echo "${outfile}: file exists" echo ':' > /tmp/bcsh$$ ;; esac fi ;; esac -- esac ;; *) case "$cmd" in *\>![\ \ ]*) ed - /tmp/bcsh$$ << ++++ g/>!/s//>/g w ++++ ;; esac ;; esac (trap 'exit 1' 2 3; $BASH /tmp/bcsh$$) ;; esac case "$cmd" in $lastcmd) ;; Found error in /usr/share/doc/bash3-3.2.57/examples/misc/cshtobash: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/cshtobash # zsh-3.0. # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.? cshout cshin' 0 1 2 3 6 15 T=$'\t' SOURCE="${1:+source $1}" cat << EOF >cshin $SOURCE alias >! /tmp/cb$$.a setenv >! /tmp/cb$$.e set >! /tmp/cb$$.v EOF # give csh a minimal environment, similar to what login would provide /usr/bin/env - USER=$USER HOME=$HOME PATH=/usr/bin:/bin:/usr/ucb:. TERM=$TERM SHELL=$SHELL /bin/csh -i < ./cshin > cshout 2>&1 # First convert aliases cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- *) echo alias ${1}=\'$(echo "${2}" | sed "s:':'\\\\'':")\' ;; esac } EOF sed "s/^$[a-zA-Z0-9_]*$$T$.*$$/mkalias \1 '\2'/" < /tmp/cb$$.a >>/tmp/cb$$.1 echo '# csh aliases' echo $BASH /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g' -- # Would be nice to deal with embedded newlines, e.g. in TERMCAP, but ... sed -e '/^SHLVL/d' \ -e '/^PWD/d' \ -e "s/'/'"\\\\"''"/g \ -e "s/^$[A-Za-z0-9_]*=$/export \1'/" \ -e "s/$/'/" < /tmp/cb$$.e # Finally, convert local variables echo echo '# csh variables' echo -- sed -e 's/'"$T"'/=/' \ -e "s/'/'"\\\\"''"/g \ -e '/^[A-Za-z0-9_]*=[^(]/{ s/=/='"'/"' s/$/'"'/"' }' < /tmp/cb$$.v | sed -e '/^argv=/d' -e '/^cwd=/d' -e '/^filec=/d' -e '/^status=/d' \ -e '/^verbose=/d' \ -e '/^term=/d' \ -e '/^home=/d' \ -e '/^path=/d' \ -- # now some special csh variables converted to bash equivalents echo echo '# special csh variables converted to bash equivalents' echo sed -e 's/'"$T"'/=/' < /tmp/cb$$.v | grep "^cdpath=" | sed 's/(// s/ /:/g s/)// s/cdpath=/CDPATH=/' sed -e 's/'"$T"'/=/' < /tmp/cb$$.v | grep "^mail=" | sed 's/(// s/ /:/g s/)// s/mail=/MAILPATH=/' | Found error in /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.sh # usage: aliasconv.sh # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.?' 0 1 2 3 6 15 T=' ' cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- # the first thing we want to do is to protect single quotes in the alias, # since they whole thing is going to be surrounded by single quotes when # passed to mkalias sed -e "s:':\\'\\\'\\':" -e "s/^$[a-zA-Z0-9_-]*$$T$.*$$/mkalias \1 '\2'/" >>/tmp/cb$$.1 sh /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g' Found error in /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.bash: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.bash # usage: aliasconv.bash # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.?' 0 1 2 3 6 15 T=$'\t' cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- # the first thing we want to do is to protect single quotes in the alias, # since they whole thing is going to be surrounded by single quotes when # passed to mkalias sed -e "s:':\\'\\\'\\':" -e "s/^$[a-zA-Z0-9_-]*$$T$.*$$/mkalias \1 '\2'/" >>/tmp/cb$$.1 $BASH /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g'; info menu-2.1.41-alt22.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/menu-2.1.41/examples/cat: $ grep /tmp/ /usr/share/doc/menu-2.1.41/examples/cat #!/bin/sh cat > /tmp/menu-stdin exit 0 #In the good old days of menu-0 compatibility, one had to use: # #This file can be very usefull when you want to run one particular # #menu-method file several times, without running any of the others. # #In order to do so, do: # # - cp ./cat /etc/menu-methods/ # # - run update-menus so that the "cat" menu-method gets executed. # # Now you've got /tmp/menu-stdin. # # - With this file, you don't need update-menus at all any more, and you # # can symply run your hand-written "menu-test" menu-method by typing: # # ./menu-test < /tmp/menu-stdin # # # # The advantage of doing this is # # - none of the other menu-method files get excecuted (speedup) # # - update-menus doesn't need to open some hundred menu-entry files # # every time you test a change in your menu-method file. # # (speedup) # compat="menu-1" # command="cat > /tmp/menu-stdin"; info python3-module-dialog-3.4.0-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \ Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \;

fail GMT-common-6.1.1-alt1_1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/gmt/tools/gmt_prepmex.sh: $ grep /tmp/ /usr/share/gmt/tools/gmt_prepmex.sh # First get a reliable absolute path to the bundle's top directory pushd $(dirname $0) > /dev/null BUNDLEDIR=$(pwd | sed sB/Contents/Resources/share/toolsBBg) popd > /dev/null # Set path to the new gmt installation MEXGMT5DIR=/tmp/$$/gmt # Set path to additional subdirectories MEXLIBDIR=$MEXGMT5DIR/lib MEXINCDIR=$MEXGMT5DIR/include MEXSHADIR=$MEXGMT5DIR/share MEXBINDIR=$MEXGMT5DIR/bin cp -r etc usr $MEXBINDIR # Now copy the lib files printf "gmt_prepmex.sh: Copy and rename libraries\n" >&2 cd $BUNDLEDIR/Contents/Resources/lib # Find a list of all libs shipped with the OSX bundle, except our own: ls *.dylib | egrep -v 'libgmt.dylib|libpostscriptlight.dylib' > /tmp/l.lis # For each, duplicate into /opt/gmt but add a leading X to each name while read lib; do new=$(echo $lib | awk '{printf "libX%s\n", substr($1,4)}') cp $lib $MEXLIBDIR/$new done < /tmp/l.lis # Copy the supplement shared plugin cp gmt/plugins/supplements.so $MEXLIBDIR/gmt/plugins cd $MEXLIBDIR ls *.dylib > /tmp/l.lis printf "gmt_prepmex.sh: Rebaptize libraries\n" >&2 # For all libs in $MEXLIBDIR, change internal references to contain the leading "X" while read lib; do otool -L $lib | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') if [ $k -eq 1 ]; then # Do the id change was=$(echo $lib | awk -F/ '{print substr($1,4)}') install_name_tool -id /opt/gmt/lib/$new $lib else install_name_tool -change $old /opt/gmt/lib/$new $lib fi let k=k+1 done < /tmp/t.lis done < /tmp/l.lis # Set links to the new libs ln -s libXgmt.dylib libgmt.dylib ln -s libXpostscriptlight.dylib libpostscriptlight.dylib ln -s libXgmt.6.dylib libXgmt.dylib ln -s libXpostscriptlight.6.dylib libXpostscriptlight.dylib -- fi fi # Do plugin supplement separately since not called lib* cd gmt/plugins otool -L supplements.so | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') install_name_tool -change $old /opt/gmt/lib/$new supplements.so let k=k+1 done < /tmp/t.lis # Do bin dir cd $MEXBINDIR otool -L gmt | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=$(echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}') install_name_tool -change $old /opt/gmt/lib/$new gmt let k=k+1 done < /tmp/t.lis chmod -R ugo+r $MEXGMT5DIR printf "gmt_prepmex.sh: Install /opt/gmt\n" >&2 sudo cp -fpR $MEXGMT5DIR /opt rm -rf /tmp/$$ cd $here version=$(/opt/gmt/bin/gmt-config --version) # Report cat << EOF >&2 gmt_prepmex.sh: Made updated GMT $version installation in /opt/gmt; fail alterator-deploy-0.1.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/deploy: $ grep /tmp/ /usr/lib/alterator/backend3/deploy ;; esac ;; write) case "${in__objects##*/}" in set) echo "Role: ${in_role:?}" >> /tmp/out echo "Parameter: ${in_parameter:?}" >> /tmp/out echo "Value: ${in_value:?}" >> /tmp/out set_parameter "${in_role:?}" "${in_parameter:?}" "${in_value?}" ;; reset) reset_parameter "${in_role:?}" "${in_parameter:?}" ;;; fail alterator-mass-management-0.1.7-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/mass-management: $ grep /tmp/ /usr/lib/alterator/backend3/mass-management mkdir "$TASKS_DIR/task-$number" cat >"$TASKS_DIR/task-$number.yml" <> /tmp/mode.log echo "$(set|grep -a "in_")" >> /tmp/mode.log case "$in_action" in type) write_type_item hostlist hostname-list #write_type_item add_host hostname ;;; fail alterator-net-domain-0.7.3-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/net-domain: $ grep /tmp/ /usr/lib/alterator/backend3/net-domain ## https://www.altlinux.org/ActiveDirectory/DC ad_provision_domain() { local domain_name="$1" shift local log="/tmp/samba-dc-provision-$(date +%d.%m.%Y-%H:%M:%S)-$domain_name.log" # Begin log date > "$log" echo "Domain: $domain_name" >> "$log" echo >> "$log" if [ "$in_domain_type" = 'ad' ]; then if ipa_install_running; then ipa_install_stop fi env > /tmp/net-domain.txt ad_current_domain="$($samba_tool domain info '127.0.0.1' | sed 's/ *: /:/' | sed -n 's/^Domain://p')" # Check creation of existing domain if [ "$ad_current_domain" != "$in_domain" ]; then write_domain "$in_domain" "1"; fail asterisk-20.9.3-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/asterisk/scripts/ast_loggrabber: $ grep -A5 -B5 /tmp/ /usr/share/asterisk/scripts/ast_loggrabber # Timestamp to use for output files df=${tarball_uniqueid:-$(${DATEFORMAT})} # Extract the Python timestamp conver script from the end of this # script and save it to /tmp/.ast_tsconvert.py ss=`egrep -n "^#@@@SCRIPTSTART@@@" $0 |cut -f1 -d:` tail -n +${ss} $0 >/tmp/.ast_tsconvert.py tmpdir=$(mktemp -d) if [ -z "$tmpdir" ] ; then echo "${prog}: Unable to create temporary directory." exit 1 -- destdir="$tmpdir/$tardir/$(dirname $lf)" destfile="$tmpdir/$tardir/$lf" mkdir -p "$destdir" 2>/dev/null || : if [ -n "$LOG_DATEFORMAT" ] ; then echo "Converting $lf" cat "$lf" | python /tmp/.ast_tsconvert.py --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}" else echo "Copying $lf" cp "$lf" "${destfile}" fi done echo "Creating /tmp/$tardir.tar.gz" tar -czvf /tmp/$tardir.tar.gz -C $tmpdir $tardir 2>/dev/null exit # Be careful editing the inline scripts. # They're space-indented. Found error in /usr/sbin/astversion: $ grep -A5 -B5 /tmp/ /usr/sbin/astversion # source directories to search SRC_DIRS=() main() { TMPFILE="/tmp/astversion.$$" sanity_check locate_files "$@" locate_libraries locate_modules -- scan_package_redhat() { PKGNAME="$1" if ! rpm -q $PKGNAME > /tmp/astversion-$PKGNAME-version then rm -f /tmp/astversion-$PKGNAME-version return 2 fi rpm -ql $PKGNAME > /tmp/astversion-$PKGNAME-files rpm -V $PKGNAME > /tmp/astversion-$PKGNAME-verify return 0 } scan_package_debian() { PKGNAME="$1" if ! dpkg -s $PKGNAME > $TMPFILE then rm -f /tmp/astversion-$PKGNAME-version return 2 fi # prefix the version with the package name to mimic rpm echo -n "$PKGNAME " > /tmp/astversion-$PKGNAME-version cat $TMPFILE | fgrep Version |cut -d ' ' -f2 >> /tmp/astversion-$PKGNAME-version dpkg -L $PKGNAME > /tmp/astversion-$PKGNAME-files dpkg -V $PKGNAME > /tmp/astversion-$PKGNAME-verify } package_has_file() { PKGNAME="$1" PKGFILE="$2" if [ ! -f /tmp/astversion-$PKGNAME-version ] then return 1 fi if [ ! -f /tmp/astversion-$PKGNAME-files ] then return 2 fi if ! fgrep "$PKGFILE" /tmp/astversion-$PKGNAME-files >/dev/null then # package doesn't have that file return 3 fi if fgrep "$PKGFILE" /tmp/astversion-$PKGNAME-verify >/dev/null then # file does not match package return 4 fi -- { # search each package and report files that match for PACKAGE in ${PACKAGES[@]} do scan_package_$DISTRO "$PACKAGE" PKGVERSION=$(cat /tmp/astversion-$PKGNAME-version) FOUND=() for FILE in ${FILES[@]} do if package_has_file "$PACKAGE" "$FILE" -- else echo "Matched ${#FOUND[@]} files to package $PKGVERSION" fi fi rm -f /tmp/astversion-$PKGNAME-version rm -f /tmp/astversion-$PKGNAME-files rm -f /tmp/astversion-$PKGNAME-verify done } search_source() {; fail bacula11-director-common-11.0.6-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula11-director-common-11.0.6/updatedb/update_mysql_tables_11_to_12: $ grep -A5 -B5 /tmp/ /usr/share/doc/bacula11-director-common-11.0.6/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* -D ${db_name} -e "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula11-director-mysql-11.0.6-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep -A5 -B5 /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS -D ${db_name} -e "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail bacula13-director-common-13.0.4-alt2.p10.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula13-director-common-13.0.4/updatedb/update_mysql_tables_11_to_12: $ grep -A5 -B5 /tmp/ /usr/share/doc/bacula13-director-common-13.0.4/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* -D ${db_name} -e "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula13-director-mysql-13.0.4-alt2.p10.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep -A5 -B5 /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS -D ${db_name} -e "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail bacula15-director-common-15.0.2-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula15-director-common-15.0.2/updatedb/update_mysql_tables_11_to_12: $ grep -A5 -B5 /tmp/ /usr/share/doc/bacula15-director-common-15.0.2/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* -D ${db_name} -e "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula15-director-mysql-15.0.2-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep -A5 -B5 /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS -D ${db_name} -e "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail dracut-060-alt0.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/99base/init.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/99base/init.sh # # Copyright 2008-2010, Red Hat, Inc. # Harald Hoyer # Jeremy Katz export -p > /tmp/export.orig NEWROOT="/sysroot" [ -d $NEWROOT ] || mkdir -p -m 0755 $NEWROOT OLDPATH=$PATH -- echo "$line" >> /etc/cmdline.d/99-cmdline-ask.conf done fi if ! getargbool 1 'rd.hostonly'; then [ -f /etc/cmdline.d/99-cmdline-ask.conf ] && mv /etc/cmdline.d/99-cmdline-ask.conf /tmp/99-cmdline-ask.conf remove_hostonly_files [ -f /tmp/99-cmdline-ask.conf ] && mv /tmp/99-cmdline-ask.conf /etc/cmdline.d/99-cmdline-ask.conf fi # run scriptlets to parse the command line make_trace_mem "hook cmdline" '1+:mem' '1+:iomem' '3+:slab' getarg 'rd.break=cmdline' -d 'rdbreak=cmdline' && emergency_shell -n cmdline "Break before cmdline" -- *) unset "$i" ;; esac done . /tmp/export.orig 2> /dev/null || : rm -f -- /tmp/export.orig initargs="" read -r CLINE < /proc/cmdline if getarg init= > /dev/null; then ignoreargs="console BOOT_IMAGE" Found error in /usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh set -f for filter in $filters; do echo "${filter} @${server}" done ) #echo "*.* /tmp/syslog" } [ -f /tmp/syslog.type ] && read -r type < /tmp/syslog.type [ -f /tmp/syslog.server ] && read -r server < /tmp/syslog.server [ -f /tmp/syslog.filters ] && read -r filters < /tmp/syslog.filters [ -z "$filters" ] && filters="kern.*" [ -f /tmp/syslog.conf ] && read -r conf < /tmp/syslog.conf [ -z "$conf" ] && conf="/etc/rsyslog.conf" && echo "$conf" > /tmp/syslog.conf if [ "$type" = "rsyslogd" ]; then template=/etc/templates/rsyslog.conf if [ -n "$server" ]; then rsyslog_config "$server" "$template" "$filters" > $conf Found error in /usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh syslogserver=$(getarg syslog.server -d syslog) syslogfilters=$(getargs syslog.filter -d filter) syslogtype=$(getarg syslog.type -d syslogtype) [ -n "$syslogserver" ] && echo "$syslogserver" > /tmp/syslog.server [ -n "$syslogfilters" ] && echo "$syslogfilters" > /tmp/syslog.filters if [ -n "$syslogtype" ]; then echo "$syslogtype" > /tmp/syslog.type else syslogtype=$(detect_syslog) echo "$syslogtype" > /tmp/syslog.type fi Found error in /usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh vlan=$(nbft_run_jq .vlan "$hfi_json") || vlan=0 # treat VLAN zero as "no vlan" [ "$vlan" -ne 0 ] || vlan= [ ! -e /tmp/net."${iface}${vlan:+.$vlan}".has_ibft_config ] || return 0 dhcp=$(nbft_run_jq -r .dhcp_server_ipaddr "$hfi_json") # We need to check $? here as the above is an assignment # shellcheck disable=2181 if [ $? -eq 0 ] && [ "$dhcp" ] && [ "$dhcp" != null ]; then -- echo "ip=$ipaddr::$gateway:$prefix:$hostname:$iface${vlan:+.$vlan}:none${dns1:+:$dns1}${dns2:+:$dns2}" fi if [ "$vlan" ]; then echo "vlan=$iface.$vlan:$iface" echo "$mac" > "/tmp/net.$iface.$vlan.has_ibft_config" else echo "$mac" > "/tmp/net.$iface.has_ibft_config" fi : > /tmp/valid_nbft_entry_found } nbft_parse() { local nbft_json n_nbft all_hfi_json n_hfi local j=0 i -- if [ "$traddr" = "none" ]; then warn "traddr is mandatory for $trtype" return 0 fi if [ "$trtype" = "tcp" ]; then : > /tmp/nvmf_needs_network elif [ "$trtype" = "fc" ]; then if [ "$traddr" = "auto" ]; then rm -f /etc/nvme/discovery.conf /etc/nvme/config.json return 1 fi -- nvmf_hostid=$(getarg rd.nvmf.hostid -d nvmf.hostid=) if [ -n "$nvmf_hostid" ]; then echo "$nvmf_hostid" > /etc/nvme/hostid fi rm -f /tmp/nvmf-fc-auto for d in $(getargs rd.nvmf.discover -d nvmf.discover=); do parse_nvmf_discover "$d" || { : > /tmp/nvmf-fc-auto break } done if [ -e /tmp/nvmf_needs_network ] || [ -e /tmp/valid_nbft_entry_found ]; then echo "rd.neednet=1" > /etc/cmdline.d/nvmf-neednet.conf # netroot is a global variable that is present in all "sourced" scripts # shellcheck disable=SC2034 netroot=nbft rm -f /tmp/nvmf_needs_network fi /sbin/initqueue --settled --onetime --name nvmf-connect-settled /sbin/nvmf-autoconnect.sh settled /sbin/initqueue --timeout --onetime --name nvmf-connect-timeout /sbin/nvmf-autoconnect.sh timeout Found error in /usr/lib/dracut/modules.d/90dmraid/dmraid.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmraid/dmraid.sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh devenc=$(str_replace "$1" '/' '\2f') [ -e /tmp/dmraid."$devenc" ] && exit 0 : > /tmp/dmraid."$devenc" DM_RAIDS=$(getargs rd.dm.uuid -d rd_DM_UUID=) if [ -n "$DM_RAIDS" ] || getargbool 0 rd.auto; then # run dmraid if udev has settled Found error in /usr/lib/dracut/modules.d/90crypt/probe-keydev.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90crypt/probe-keydev.sh info "Probing $real_keydev for $keypath..." test_dev -f "$real_keydev" "$keypath" || exit 1 info "Found $keypath on $real_keydev" echo "$luksdev:$real_keydev:$keypath" >> /tmp/luks.keys Found error in /usr/lib/dracut/modules.d/90crypt/parse-keydev.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90crypt/parse-keydev.sh fi # A keydev of '/' is treated as the initrd itself if [ "/" = "$keydev" ]; then [ -z "$luksdev" ] && luksdev='*' echo "$luksdev:$keydev:$keypath" >> /tmp/luks.keys continue elif [ -n "$keydev" ]; then udevmatch "$keydev" >&7 || { warn 'keydev incorrect!' continue Found error in /usr/lib/dracut/modules.d/04watchdog/watchdog.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/04watchdog/watchdog.sh #!/bin/sh if [ -e /dev/watchdog ]; then if [ ! -e /tmp/watchdog_timeout ]; then wdctl -s 60 /dev/watchdog > /dev/null 2>&1 : > /tmp/watchdog_timeout fi info "Triggering watchdog" : > /dev/watchdog else modprobe ib700wdt; fail dracut-live-060-alt0.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ -n "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ -z "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ -e /tmp/liveupdates.done ]' > "$hookdir"/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return liveurl="${liveurl#live:}" Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ -e /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" -- sleep "$SLEEP" fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? if [ "${imgfile##*.}" = "iso" ]; then root=$(losetup -f) losetup "$root" "$imgfile" Found error in /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live-autooverlay/create-overlay.sh #!/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/create-overlay.$$.out exec 2>> /tmp/create-overlay.$$.out set -x fi gatherData() { overlay=$(getarg rd.live.overlay) Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-"${_name}" ] && continue : > /tmp/isoscan-"${_name}" mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" udevadm trigger --action=add > /dev/null 2>&1 ln -s "$dev" /run/initramfs/isoscandev Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive > /dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; fail dracut-network-060-alt0.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/95iscsi/parse-iscsiroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95iscsi/parse-iscsiroot.sh [ -z "$netroot" ] && netroot=iscsi: fi modprobe -b -q iscsi_boot_sysfs 2> /dev/null modprobe -b -q iscsi_ibft # if no ip= is given, but firmware echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-firmware' ]" > "$hookdir"/initqueue/finished/iscsi_started.sh initqueue --unique --online /sbin/iscsiroot online "iscsi:" "$NEWROOT" initqueue --unique --onetime --timeout /sbin/iscsiroot timeout "iscsi:" "$NEWROOT" initqueue --unique --onetime --settled /sbin/iscsiroot online "iscsi:" "'$NEWROOT'" fi -- sleep 1 fi fi # If not given on the cmdline and initiator-name available via iBFT if [ -z "$iscsi_initiator" ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then iscsi_initiator=$(while read -r line || [ -n "$line" ]; do echo "$line"; done < /sys/firmware/ibft/initiator/initiator-name) if [ -n "$iscsi_initiator" ]; then echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi : > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- for nroot in $(getargs netroot); do [ "${nroot%%:*}" = "iscsi" ] || continue type parse_iscsi_root > /dev/null 2>&1 || . /lib/net-lib.sh parse_iscsi_root "$nroot" || return 1 netroot_enc=$(str_replace "$nroot" '/' '\2f') echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-$netroot_enc' ]" > "$hookdir"/initqueue/finished/iscsi_started.sh done # Done, all good! # shellcheck disable=SC2034 rootok=1 Found error in /usr/lib/dracut/modules.d/95iscsi/iscsiroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95iscsi/iscsiroot.sh modprobe crc32c 2> /dev/null # start iscsiuio if needed if [ -z "${DRACUT_SYSTEMD}" ] \ && { [ -e /sys/module/bnx2i ] || [ -e /sys/module/qedi ]; } \ && ! [ -e /tmp/iscsiuio-started ]; then iscsiuio : > /tmp/iscsiuio-started fi handle_firmware() { local ifaces retry _res -- else ifaces=$( set -- /sys/firmware/ibft/ethernet* echo $# ) read -r retry < /tmp/session-retry if [ "$retry" -lt "$ifaces" ]; then retry=$((retry + 1)) echo $retry > /tmp/session-retry return 1 else rm /tmp/session-retry fi # check to see if we have the new iscsiadm command, # that supports the "no-wait" (-W) flag. If so, use it. iscsiadm -m fw -l -W 2> /dev/null -- else need_shutdown fi fi [ -d /sys/class/iscsi_session ] || return 1 echo 'started' > "/tmp/iscsistarted-iscsi:" echo 'started' > "/tmp/iscsistarted-firmware" return 0 } handle_netroot() { -- # XXX is this needed? getarg ro && iscsirw=ro getarg rw && iscsirw=rw fsopts=${fsopts:+$fsopts,}${iscsirw} if [ -z "$iscsi_initiator" ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then iscsi_initiator=$(while read -r line || [ -n "$line" ]; do echo "$line"; done < /sys/firmware/ibft/initiator/initiator-name) echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi : > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- iscsi_initiator=$(iscsi-iname) echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi : > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- return 1 fi : > "$hookdir"/initqueue/work netroot_enc=$(str_replace "$1" '/' '\2f') echo 'started' > "/tmp/iscsistarted-iscsi:${netroot_enc}" return 0 } ret=0 -- sleep 2 fi if getargbool 0 rd.iscsi.firmware -d -y iscsi_firmware; then if [ "$netif" = "timeout" ] || [ "$netif" = "online" ] || [ "$netif" = "dummy" ]; then [ -f /tmp/session-retry ] || echo 1 > /tmp/session-retry handle_firmware ret=$? fi fi Found error in /usr/lib/dracut/modules.d/45ifcfg/write-ifcfg.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/45ifcfg/write-ifcfg.sh #!/bin/sh # NFS root might have reached here before /tmp/net.ifaces was written type is_persistent_ethernet_name > /dev/null 2>&1 || . /lib/net-lib.sh udevadm settle --timeout=30 # shellcheck disable=SC2174 mkdir -m 0755 -p /tmp/ifcfg/ # shellcheck disable=SC2174 mkdir -m 0755 -p /tmp/ifcfg-leases/ get_config_line_by_subchannel() { local CHANNELS local line -- fi echo "DEVICE=\"$_netif\"" } for netup in /tmp/net.*.did-setup; do [ -f "$netup" ] || continue netif=${netup%%.did-setup} netif=${netif##*/net.} strglobin "$netif" ":*:*:*:*:" && continue [ -e /tmp/ifcfg/ifcfg-"$netif" ] && continue unset bridge unset bond unset bondslaves unset bondname unset bondoptions -- unset vlan unset vlanname unset phydevice # shellcheck disable=SC1090 [ -e /tmp/bond."${netif}".info ] && . /tmp/bond."${netif}".info # shellcheck disable=SC1090 [ -e /tmp/bridge."${netif}".info ] && . /tmp/bridge."${netif}".info # shellcheck disable=SC1090 [ -e /tmp/team."${netif}".info ] && . /tmp/team."${netif}".info read -r uuid < /proc/sys/kernel/random/uuid if [ "$netif" = "$bridgename" ]; then bridge=yes elif [ "$netif" = "$teammaster" ]; then -- elif [ "$netif" = "$bondname" ]; then # $netif can't be bridge and bond at the same time bond=yes fi for i in "/tmp/vlan.${netif}."*; do [ ! -e "$i" ] && continue # shellcheck disable=SC1090 . "$i" vlan=yes break -- [ -z "$vlan" ] && interface_bind "$netif" "$macaddr" echo "ONBOOT=yes" echo "NETBOOT=yes" echo "UUID=\"$uuid\"" strstr "$(ip -6 addr show dev "$netif")" 'inet6' && echo "IPV6INIT=yes" if [ -f /tmp/dhclient."$netif".lease ]; then # shellcheck disable=SC1090 [ -f /tmp/dhclient."$netif".dhcpopts ] && . /tmp/dhclient."$netif".dhcpopts if [ -f /tmp/net."$netif".has_ibft_config ]; then echo "BOOTPROTO=ibft" else echo "BOOTPROTO=dhcp" fi cp /tmp/dhclient."$netif".lease /tmp/ifcfg-leases/dhclient-"$uuid"-"$netif".lease else # If we've booted with static ip= lines, the override file is there # shellcheck disable=SC1090 [ -e /tmp/net."$netif".override ] && . /tmp/net."$netif".override if strglobin "$ip" '*:*:*'; then echo "IPV6INIT=yes" echo "IPV6_AUTOCONF=no" echo "IPV6ADDR=\"$ip/$mask\"" else if [ -f /tmp/net."$netif".has_ibft_config ]; then echo "BOOTPROTO=ibft" else echo "BOOTPROTO=none" echo "IPADDR=\"$ip\"" if strstr "$mask" "."; then -- elif [ -n "$gw" ]; then echo "GATEWAY=\"$gw\"" fi fi [ -n "$mtu" ] && echo "MTU=\"$mtu\"" } > /tmp/ifcfg/ifcfg-"$netif" # bridge needs different things written to ifcfg if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ] && [ -z "$team" ]; then # standard interface echo "TYPE=Ethernet" >> /tmp/ifcfg/ifcfg-"$netif" fi if [ -n "$vlan" ]; then { echo "TYPE=Vlan" echo "DEVICE=\"$netif\"" echo "VLAN=yes" echo "PHYSDEV=\"$phydevice\"" } >> /tmp/ifcfg/ifcfg-"$netif" fi if [ -n "$bond" ]; then # bond interface { # This variable is an indicator of a bond interface for initscripts echo "BONDING_OPTS=\"$bondoptions\"" echo "NAME=\"$netif\"" echo "TYPE=Bond" } >> /tmp/ifcfg/ifcfg-"$netif" for slave in $bondslaves; do # write separate ifcfg file for the raw eth interface ( echo "# Generated by dracut initrd" -- echo "SLAVE=yes" echo "MASTER=\"$netif\"" echo "UUID=\"$(cat /proc/sys/kernel/random/uuid)\"" unset macaddr # shellcheck disable=SC1090 [ -e /tmp/net."$slave".override ] && . /tmp/net."$slave".override interface_bind "$slave" "$macaddr" ) >> /tmp/ifcfg/ifcfg-"$slave" done fi if [ -n "$bridge" ]; then # bridge { echo "TYPE=Bridge" echo "NAME=\"$netif\"" } >> /tmp/ifcfg/ifcfg-"$netif" for slave in $bridgeslaves; do # write separate ifcfg file for the raw eth interface ( echo "# Generated by dracut initrd" echo "NAME=\"$slave\"" -- echo "NETBOOT=yes" echo "BRIDGE=\"$bridgename\"" echo "UUID=\"$(cat /proc/sys/kernel/random/uuid)\"" unset macaddr # shellcheck disable=SC1090 [ -e /tmp/net."$slave".override ] && . /tmp/net."$slave".override interface_bind "$slave" "$macaddr" ) >> /tmp/ifcfg/ifcfg-"$slave" done fi i=1 for ns in $(getargs nameserver) $dns1 $dns2; do echo "DNS${i}=\"${ns}\"" >> /tmp/ifcfg/ifcfg-"$netif" i=$((i + 1)) done [ -f /tmp/net.route6."$netif" ] && cp /tmp/net.route6."$netif" /tmp/ifcfg/route6-"$netif" [ -f /tmp/net.route."$netif" ] && cp /tmp/net.route."$netif" /tmp/ifcfg/route-"$netif" done # Pass network opts mkdir -m 0755 -p /run/initramfs/state/etc/sysconfig/network-scripts mkdir -m 0755 -p /run/initramfs/state/var/lib/dhclient echo "files /etc/sysconfig/network-scripts" >> /run/initramfs/rwtab echo "files /var/lib/dhclient" >> /run/initramfs/rwtab { cp /tmp/net.* /run/initramfs/ for i in /tmp/net.*.resolv.conf; do [ -f "$i" ] && cat "$i" done | awk '!($0 in a) { a[$0]; print }' > /run/initramfs/state/etc/resolv.conf [ -s /run/initramfs/state/etc/resolv.conf ] || rm -f /run/initramfs/state/etc/resolv.conf copytree /tmp/ifcfg /run/initramfs/state/etc/sysconfig/network-scripts cp /tmp/ifcfg-leases/* /run/initramfs/state/var/lib/dhclient } > /dev/null 2>&1 Found error in /usr/lib/dracut/modules.d/40network/net-lib.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/40network/net-lib.sh #!/bin/sh # shellcheck disable=SC2034 IFNETFILE="/tmp/bootnetif" is_ip() { echo "$1" | { IFS=. read -r a b c d test "$a" -ge 0 -a "$a" -le 255 \ -- } # list the configured interfaces configured_ifaces() { local IFACES="" iface_id="" rv=1 [ -e "/tmp/net.ifaces" ] && read -r IFACES < /tmp/net.ifaces if { pidof udevd || pidof systemd-udevd; } > /dev/null; then for iface_id in $IFACES; do printf "%s\n" "$(iface_name "$iface_id")" rv=0 done -- return $rv } all_ifaces_up() { local iface="" IFACES="" [ -e "/tmp/net.ifaces" ] && read -r IFACES < /tmp/net.ifaces for iface in $IFACES; do [ -e /tmp/net."$iface".up ] || return 1 done } all_ifaces_setup() { local iface="" IFACES="" [ -e "/tmp/net.ifaces" ] && read -r IFACES < /tmp/net.ifaces for iface in $IFACES; do [ -e /tmp/net."$iface".did-setup ] || return 1 done } get_netroot_ip() { local prefix="" server="" rest="" -- local netif="$1" # ip down/flush ensures that routing info goes away as well ip link set "$netif" down ip addr flush dev "$netif" echo "#empty" > /etc/resolv.conf rm -f -- /tmp/net."$netif".did-setup [ -z "$DO_VLAN" ] \ && [ -e /sys/class/net/"$netif"/address ] \ && rm -f -- "/tmp/net.$(cat /sys/class/net/"$netif"/address).did-setup" # TODO: send "offline" uevent? } setup_net() { local netif="$1" f="" gw_ip="" netroot_ip="" iface="" IFACES="" local _p [ -e /tmp/net."$netif".did-setup ] && return [ -z "$DO_VLAN" ] \ && [ -e /sys/class/net/"$netif"/address ] \ && [ -e "/tmp/net.$(cat /sys/class/net/"$netif"/address).did-setup" ] && return [ -e "/tmp/net.ifaces" ] && read -r IFACES < /tmp/net.ifaces [ -z "$IFACES" ] && IFACES="$netif" # run the scripts written by ifup # shellcheck disable=SC1090 [ -e /tmp/net."$netif".hostname ] && . /tmp/net."$netif".hostname # shellcheck disable=SC1090 [ -e /tmp/net."$netif".override ] && . /tmp/net."$netif".override # shellcheck disable=SC1090 [ -e /tmp/dhclient."$netif".dhcpopts ] && . /tmp/dhclient."$netif".dhcpopts # set up resolv.conf [ -e /tmp/net."$netif".resolv.conf ] \ && awk '!array[$0]++' /tmp/net."$netif".resolv.conf > /etc/resolv.conf # shellcheck disable=SC1090 [ -e /tmp/net."$netif".gw ] && . /tmp/net."$netif".gw # add static route for _p in $(getargs rd.route); do route_to_var "$_p" || continue [ -n "$route_dev" ] && [ "$route_dev" != "$netif" ] && continue ip route add "$route_mask" ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev} if strstr "$route_mask" ":"; then printf -- "%s\n" "$route_mask ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev}" \ > /tmp/net.route6."$netif" else printf -- "%s\n" "$route_mask ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev}" \ > /tmp/net.route."$netif" fi done # If a static route was necessary to reach the gateway, the # first gateway setup call will have failed with # RTNETLINK answers: Network is unreachable # Replace the default route again after static routes to cover # this scenario. # shellcheck disable=SC1090 [ -e /tmp/net."$netif".gw ] && . /tmp/net."$netif".gw # Handle STP Timeout: arping the default gateway. # (or the root server, if a) it's local or b) there's no gateway.) # Note: This assumes that if no router is present the # root server is on the same subnet. -- arping -q -f -w 60 -I "$netif" "$dest" || info "Resolving $dest via ARP on $netif failed" fi fi unset layer2 : > /tmp/net."$netif".did-setup [ -z "$DO_VLAN" ] \ && [ -e /sys/class/net/"$netif"/address ] \ && : > "/tmp/net.$(cat /sys/class/net/"$netif"/address).did-setup" } save_netinfo() { local netif="$1" IFACES="" f="" i="" [ -e /tmp/net.ifaces ] && read -r IFACES < /tmp/net.ifaces # Add $netif to the front of IFACES (if it's not there already). set -- "$netif" for i in $IFACES; do [ "$i" != "$netif" ] && set -- "$@" "$i"; done IFACES="$*" for i in $IFACES; do for f in "/tmp/dhclient.$i."*; do [ -f "$f" ] && cp -f "$f" /tmp/net."${f#/tmp/dhclient.}" done done echo "$IFACES" > /tmp/.net.ifaces.new mv /tmp/.net.ifaces.new /tmp/net.ifaces } set_ifname() { local name="$1" mac="$2" num=-1 n="" # if it's already set, return the existing name for n in $(getargs ifname=); do strstr "$n" "$mac" && echo "${n%%:*}" && return done [ ! -f "/tmp/set_ifname_$name" ] || read -r num < "/tmp/set_ifname_$name" # otherwise, pick a new name and use that while :; do num=$((num + 1)) [ -e /sys/class/net/"$name"$num ] && continue for n in $(getargs ifname=); do [ "$name$num" = "${n%%:*}" ] && continue 2 done break done echo "ifname=$name$num:$mac" >> /etc/cmdline.d/45-ifname.conf echo "$num" > "/tmp/set_ifname_$name" echo "$name$num" } # pxelinux provides macaddr '-' separated, but we need ':' fix_bootif() { -- [ -e "${iface}"/mac ] || continue read -r mac < "${iface}"/mac [ -z "$mac" ] && continue dev=$(set_ifname ibft "$mac") [ -e /tmp/net."${dev}".has_ibft_config ] && continue [ -e "${iface}"/flags ] && read -r flags < "${iface}"/flags # Skip invalid interfaces awk -- 'BEGIN { exit (!and('"$flags"',1)) }' || continue # Skip interfaces not used for booting unless using multipath -- read -r vlan < "${iface}"/vlan if [ "$vlan" -ne "0" ]; then case "$vlan" in [0-9]*) echo "vlan=$dev.$vlan:$dev" echo "$mac" > /tmp/net."${dev}"."${vlan}".has_ibft_config ;; *) echo "vlan=$vlan:$dev" echo "$mac" > /tmp/net."${vlan}".has_ibft_config ;; esac else echo "$mac" > /tmp/net."${dev}".has_ibft_config fi else echo "$mac" > /tmp/net."${dev}".has_ibft_config fi done ) >> /etc/cmdline.d/40-ibft.conf } Found error in /usr/lib/dracut/modules.d/40network/ifname-genrules.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/40network/ifname-genrules.sh { for p in $(getargs ifname=); do parse_ifname_opts "$p" if [ -f /tmp/ifname-"$ifname_mac" ]; then read -r oldif < /tmp/ifname-"$ifname_mac" fi if [ -f /tmp/ifname-"$ifname_if" ]; then read -r oldmac < /tmp/ifname-"$ifname_if" fi if [ -n "$oldif" -a -n "$oldmac" -a "$oldif" = "$ifname_if" -a "$oldmac" = "$ifname_mac" ]; then # skip same ifname= declaration continue fi [ -n "$oldif" ] && warn "Multiple interface names specified for MAC $ifname_mac: $oldif" [ -n "$oldmac" ] && warn "Multiple MAC specified for $ifname_if: $oldmac" printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' "$ifname_mac" "$ifname_if" echo "$ifname_if" > /tmp/ifname-"$ifname_mac" echo "$ifname_mac" > /tmp/ifname-"$ifname_if" done } >> /etc/udev/rules.d/80-ifname.rules Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh unset phydevice if [ ! "$vlan" = "vlan" ]; then parsevlan "$vlan" fi echo "phydevice=\"$phydevice\"" > /tmp/vlan."${phydevice}".phy { echo "vlanname=\"$vlanname\"" echo "phydevice=\"$phydevice\"" } > /tmp/vlan."${vlanname}"."${phydevice}" done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-team.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-team.sh { echo "teammaster=$teammaster" echo "teamslaves=\"$teamslaves\"" echo "teamrunner=\"$teamrunner\"" } > /tmp/team."${teammaster}".info if ! [ -e /etc/teamd/"${teammaster}".conf ]; then warn "Team master $teammaster specified, but no /etc/teamd/$teammaster.conf present. Using $teamrunner." mkdir -p /etc/teamd printf -- "%s" "{\"runner\": {\"name\": \"$teamrunner\"}, \"link_watch\": {\"name\": \"ethtool\"}}" > "/tmp/${teammaster}.conf" fi done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh IFACES="${IFACES%"$BOOTDEV"*} ${IFACES#*"$BOOTDEV"}" IFACES="$BOOTDEV $IFACES" fi # Store BOOTDEV and IFACES for later use [ -n "$BOOTDEV" ] && echo "$BOOTDEV" > /tmp/net.bootdev [ -n "$IFACES" ] && echo "$IFACES" > /tmp/net.ifaces Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh bridgeslaves=$iface fi { echo "bridgename=$bridgename" echo "bridgeslaves=\"$bridgeslaves\"" } > /tmp/bridge.${bridgename}.info done Found error in /usr/lib/dracut/modules.d/35network-legacy/dhcp-multi.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/dhcp-multi.sh dhclient "$arg" \ ${_timeout:+--timeout "$_timeout"} \ -q \ -1 \ -cf /etc/dhclient.conf \ -pf /tmp/dhclient."$netif".pid \ -lf /tmp/dhclient."$netif".lease \ "$netif" & wait $! 2> /dev/null # wait will return the return value of dhclient retv=$? -- fi # If dhclient exited before wait was called, or it was killed by # another thread for interface whose DHCP succeeded, then it will not # find the process with that pid and return error code 127. In that # case we need to check if /tmp/dhclient.$netif.lease exists. If it # does, it means dhclient finished executing before wait was called, # and it was successful (return 0). If /tmp/dhclient.$netif.lease # does not exist, then it means dhclient was killed by another thread # or it finished execution but failed dhcp on that interface. if [ $retv -eq 127 ]; then read -r pid < /tmp/dhclient."$netif".pid info "PID $pid was not found by wait for $netif" if [ -e /tmp/dhclient."$netif".lease ]; then info "PID $pid not found but DHCP successful on $netif" return 0 fi fi -- [ $_COUNT -lt "$_DHCPRETRY" ] && sleep 1 done warn "dhcp for interface $netif failed" # nuke those files since we failed; we might retry dhcp again if it's e.g. # `ip=dhcp,dhcp6` and we check for the PID file earlier rm -f /tmp/dhclient."$netif".pid /tmp/dhclient."$netif".lease return 1 } do_dhclient ret=$? # setup nameserver for s in "$dns1" "$dns2" $(getargs nameserver); do [ -n "$s" ] || continue echo nameserver "$s" >> /tmp/net."$netif".resolv.conf done if [ $ret -eq 0 ]; then : > /tmp/net."${netif}".up if [ -z "$do_vlan" ] && [ -e /sys/class/net/"${netif}"/address ]; then : > "/tmp/net.$(cat /sys/class/net/"${netif}"/address).up" fi # Check if DHCP also succeeded on another interface before this one. # We will always use the first one on which DHCP succeeded, by using # a common file $IFNETFILE, to synchronize between threads. -- # Also, the link points to the interface name, which will tell us which # interface succeeded. if ln -s "$netif" "$IFNETFILE" 2> /dev/null; then intf=$(readlink "$IFNETFILE") if [ -e /tmp/dhclient."$intf".lease ]; then info "DHCP successful on interface $intf" # Kill all existing dhclient calls for other interfaces, since we # already got one successful interface read -r npid < /tmp/dhclient."$netif".pid pidlist=$(pgrep dhclient) for pid in $pidlist; do [ "$pid" -eq "$npid" ] && continue kill -9 "$pid" > /dev/null 2>&1 done else echo "ERROR! $IFNETFILE exists but /tmp/dhclient.$intf.lease does not exist!!!" fi else info "DHCP success on $netif, and also on $intf" exit 0 fi Found error in /usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh [ -n "$new_max_life" ] && lease_time=$new_max_life preferred_lft=$lease_time [ -n "$new_preferred_life" ] && preferred_lft=$new_preferred_life # shellcheck disable=SC1090 [ -f /tmp/net."$netif".override ] && . /tmp/net."$netif".override # Taken from debian dhclient-script: # The 576 MTU is only used for X.25 and dialup connections # where the admin wants low latency. Such a low MTU can cause # problems with UDP traffic, among other things. As such, -- ${preferred_lft:+preferred_lft ${preferred_lft}} if [ -n "$gw" ]; then if [ "$mask" = "255.255.255.255" ]; then # point-to-point connection => set explicit route to gateway echo ip route add "$gw" dev "$netif" > /tmp/net."$netif".gw fi echo "$gw" | { IFS=' ' read -r main_gw other_gw echo ip route replace default via "$main_gw" dev "$netif" >> /tmp/net."$netif".gw if [ -n "$other_gw" ]; then for g in $other_gw; do echo ip route add default via "$g" dev "$netif" >> /tmp/net."$netif".gw done fi } fi if getargbool 1 rd.peerdns; then [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net."$netif".resolv.conf if [ -n "$namesrv" ]; then for s in $namesrv; do echo nameserver "$s" done fi >> /tmp/net."$netif".resolv.conf fi # Note: hostname can be fqdn OR short hostname, so chop off any # trailing domain name and explicitly add any domain if set. [ -n "$hostname" ] && echo "echo ${hostname%."$domain"}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net."$netif".hostname } setup_interface6() { domain=$new_domain_name # get rid of control chars -- [ -n "$new_max_life" ] && lease_time=$new_max_life preferred_lft=$lease_time [ -n "$new_preferred_life" ] && preferred_lft=$new_preferred_life # shellcheck disable=SC1090 [ -f /tmp/net."$netif".override ] && . /tmp/net."$netif".override ip -6 addr add "${new_ip6_address}"/"${new_ip6_prefixlen}" \ dev "${netif}" scope global \ ${lease_time:+valid_lft $lease_time} \ ${preferred_lft:+preferred_lft ${preferred_lft}} if getargbool 1 rd.peerdns; then [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net."$netif".resolv.conf if [ -n "$namesrv" ]; then for s in $namesrv; do echo nameserver "$s" done fi >> /tmp/net."$netif".resolv.conf fi # Note: hostname can be fqdn OR short hostname, so chop off any # trailing domain name and explicitly add any domain if set. [ -n "$hostname" ] && echo "echo ${hostname%."$domain"}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net."$netif".hostname } parse_option_121() { while [ $# -ne 0 ]; do mask="$1" -- unset layer2 setup_interface set | while read -r line || [ -n "$line" ]; do [ "${line#new_}" = "$line" ] && continue echo "$line" done > /tmp/dhclient."$netif".dhcpopts { echo '. /lib/net-lib.sh' echo "setup_net $netif" if [ -n "$new_classless_static_routes" ]; then -- IFS=".$IFS" parse_option_121 "$new_classless_static_routes" IFS="$OLDIFS" fi echo "source_hook initqueue/online $netif" [ -e /tmp/net."$netif".manualup ] || echo "/sbin/netroot $netif" echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh" } > "$hookdir"/initqueue/setup_net_"$netif".sh echo "[ -f /tmp/net.$netif.did-setup ]" > "$hookdir"/initqueue/finished/dhclient-"$netif".sh : > /tmp/net."$netif".up if [ -e /sys/class/net/"${netif}"/address ]; then : > "/tmp/net.$(cat /sys/class/net/"${netif}"/address).up" fi ;; RENEW | REBIND) -- setup_interface6 set | while read -r line || [ -n "$line" ]; do [ "${line#new_}" = "$line" ] && continue echo "$line" done > /tmp/dhclient."$netif".dhcpopts { echo '. /lib/net-lib.sh' echo "setup_net $netif" echo "source_hook initqueue/online $netif" [ -e /tmp/net."$netif".manualup ] || echo "/sbin/netroot $netif" echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh" } > "$hookdir"/initqueue/setup_net_"$netif".sh echo "[ -f /tmp/net.$netif.did-setup ]" > "$hookdir"/initqueue/finished/dhclient-"$netif".sh : > /tmp/net."$netif".up if [ -e /sys/class/net/"${netif}"/address ]; then : > "/tmp/net.$(cat /sys/class/net/"${netif}"/address).up" fi ;; RENEW6 | REBIND6) unset lease_time Found error in /usr/lib/dracut/modules.d/35connman/cm-run.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35connman/cm-run.sh #!/bin/bash type source_hook > /dev/null 2>&1 || . /lib/dracut-lib.sh if [ -e /tmp/cm.done ]; then return fi while read -r _serv; do ifname=$(connmanctl services "$_serv" | grep Interface= | sed 's/^.*Interface=$[^,]*$.*$/\1/') source_hook initqueue/online "$ifname" /sbin/netroot "$ifname" done < <(connmanctl services | grep -oE '[^ ]+$') : > /tmp/cm.done; fail dracut-network-manager-060-alt0.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/*; do [ -d "$_i" ] || continue state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)" grep -q '^connection-uuid=' "$state" 2> /dev/null || continue ifname="${_i##*/}" dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts source_hook initqueue/online "$ifname" /sbin/netroot "$ifname" done : > /tmp/nm.done; fail foo2zjs-20200207-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/foo2hbpl2-wrapper: $ grep /tmp/ /usr/bin/foo2hbpl2-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head 10000 $TMPFILE \ case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE= -- # CRD GAMMAFILE="" GAMMAFILE="$GAMMAFILE $CRDBASE/${model}cms" GAMMAFILE="$GAMMAFILE $CRDBASE/$SCREEN" # Black text... TMPFILE2=/tmp/black$$ cat $CRDBASE/black-text.ps - >$TMPFILE2 exec <$TMPFILE2 ;; *.crd) GAMMAFILE="$CRDBASE/prolog.ps" Found error in /usr/bin/foo2ddst-wrapper: $ grep -A5 -B5 /tmp/ /usr/bin/foo2ddst-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head -n 10000 $TMPFILE \ -- case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE=; fail foreman-3.5.1-alt8.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/foreman/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/user_data/Kickstart_default_user_data.host4dhcp.snap.txt: $ grep -A5 -B5 /tmp/ /usr/lib/foreman/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/user_data/Kickstart_default_user_data.host4dhcp.snap.txt echo "Performing initial puppet run for --tags no_such_tag" /usr/bin/puppet agent --config /etc/puppet/puppet.conf --onetime --tags no_such_tag --no-daemonize cat << EOF-d592f4ed > /tmp/ansible_provisioning_call.sh #!/bin/sh echo "Calling Ansible AWX/Tower provisioning callback..." /usr/bin/curl -v -k -s --data "host_config_key=" https:///api/v2/job_templates//callback/ echo "DONE" EOF-d592f4ed /bin/sh /tmp/ansible_provisioning_call.sh # UserData still needs to mark the build as finished if [ -x /usr/bin/curl ]; then /usr/bin/curl -o /dev/null --noproxy \* -H 'Content-Type: text/plain' --silent 'http://foreman.example.com/unattended/built' elif [ -x /usr/bin/wget ]; then; fail gem-foreman-hooks-0.3.17-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/foreman_hooks-0.3.17/examples/bash/log.sh: $ grep /tmp/ /usr/lib/ruby/gemie/gems/foreman_hooks-0.3.17/examples/bash/log.sh # Example of using hook_data to query the JSON representation of the object # passed by foreman_hooks. `cat $HOOK_OBJECT_FILE` to see the contents. hostname=$(hook_data host.name) echo "$(date): received ${event} on ${object}" >> /tmp/hook.log # exit code is important on orchestration tasks exit 0; fail gem-puppet-7.20.0-alt2.p10.0.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/puppet-7.20.0/lib/puppet/application/filebucket.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/puppet-7.20.0/lib/puppet/application/filebucket.rb EXAMPLES -------- ## Backup a file to the filebucket, then restore it to a temporary directory $ puppet filebucket backup /etc/passwd /etc/passwd: 429b225650b912a2ee067b0a4cf1e949 $ puppet filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949 ## Diff between two files in the filebucket $ puppet filebucket -l diff d43a6ecaa892a1962398ac9170ea9bf2 7ae322f5791217e031dc60188f4521ef 1a2 > again ## Diff between the file in the filebucket and a local file $ puppet filebucket -l diff d43a6ecaa892a1962398ac9170ea9bf2 /tmp/testFile 1a2 > again ## Backup a file to the filebucket and observe that it keeps each backup separate $ puppet filebucket -l list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile $ echo again >> /tmp/TestFile $ puppet filebucket -l backup /tmp/TestFile /tmp/TestFile: 7ae322f5791217e031dc60188f4521ef $ puppet filebucket -l list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile ## List files in a filebucket within date ranges $ puppet filebucket -l -f 2015-01-01 -t 2015-01-11 list $ puppet filebucket -l -f 2015-05-10 list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile $ puppet filebucket -l -f "2015-05-11 09:30:00" list 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile $ puppet filebucket -l -t "2015-05-11 09:30:00" list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile ## Manage files in a specific local filebucket $ puppet filebucket -b /tmp/TestBucket backup /tmp/TestFile2 /tmp/TestFile2: d41d8cd98f00b204e9800998ecf8427e $ puppet filebucket -b /tmp/TestBucket list d41d8cd98f00b204e9800998ecf8427e 2015-05-11 09:33:22 /tmp/TestFile2 ## From a Puppet Server, list files in the server bucketdir $ puppet filebucket -b $(puppet config print bucketdir --section server) list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile AUTHOR ------ Luke Kanies Found error in /usr/lib/ruby/gemie/gems/puppet-7.20.0/lib/puppet/application/doc.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/puppet-7.20.0/lib/puppet/application/doc.rb 'puppet doc --list'. EXAMPLE ------- $ puppet doc -r type > /tmp/type_reference.markdown AUTHOR ------ Luke Kanies; fail gem-ruby-libvirt-0.8.0-alt1.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.0/tests/test_storage.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.0/tests/test_storage.rb test.img 0 1 /tmp/rb-libvirt-test/test.img EOF new_storage_vol_xml_2 = < test2.img 0 5 /tmp/rb-libvirt-test/test2.img EOF # TESTGROUP: vol.pool expect_too_many_args(newpool, "delete", 1, 2) expect_invalid_arg_type(newpool, "delete", 'foo') expect_success(newpool, "no args", "delete") `mkdir -p /tmp/rb-libvirt-test` newpool.undefine `mkdir -p #{$POOL_PATH}` # TESTGROUP: pool.refresh; fail gnormalize-0.63-alt1.qa1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/gnormalize: $ grep /tmp/ /usr/bin/gnormalize if ($show_cdplayer_skin and defined $window_cd_player){ # with skin_xTunes $widget->set_size_request (225, 90); # set a minimum size: (width,height) ; skin_xTunes #(pixmap, mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($drawable, $transparent_color, $filename) #($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($widget->window, undef, '/tmp/skin_xTunes.xpm'); ($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm_d($widget->window, undef, @skin_xTunes); #my $pixmap_widget = Gtk2::Image->new_from_pixmap ($gdkpixmap, $mask); $window_cd_player->shape_combine_mask( $pixmap_mask, 0, 0 ) if not $window_cd_player->get_decorated; ###----------- add files to treeview --------------### sub sort_full_path_names{ my @array = @_; # For example: # $array[0] = '/tmp/teste/teste4/mus.mp3' # $array[1] = '/tmp/teste/teste2/teste4/mus.mp3' # $array[2] = '/tmp/mus.mp3' # First, sort this array in ascending order by number of '/' character. # Then, sort in case-insensitively mode. # sort case-insensitively : @articles = sort {uc($a) cmp uc($b)} @files; (see man perlfunc) # multiple comparisons in the routine and separate them with ||. # See Perl Cookbook, 2nd Edition. Chap. 4.16; 10.18 for help; #my $teste = '/tmp/teste/teste2/teste4/mus.mp3'; $teste =~ s/[^\/]//g; print "teste = $teste\n"; # output: teste = ///// # first compare the number of directory character '/'. sub compare_dir { (my $temp1 = $a) =~ s/[^\/]//g; # remove all character but '/' (my $temp2 = $b) =~ s/[^\/]//g; -- #This file 100% done All files 99% done # WaveGain Processing completed normally # No Title Gain adjustment or DC Offset correction required for file: # Error renaming '/tmp/wavegain.tmp' to '04.wav' (uh-oh) # Error processing GAIN for file - 04.wav #print "--> $_\n"; if ( $_ =~ /^\s+Applying Gain of ([-+]\d+[.,]\d+) dB to file:/ ){ $adjust = $1; } -- # leave room for WAV header (44 bytes) #seek WAV, 44, 0; #print "cdrom_rip = $cdrom_rip; value = $$addr[0]; addr = $addr; startframe = $startframe\n"; open WAV, ">/tmp/track${track}.wav" or die $!; binmode WAV; #print WAV $cdrom_rip; for (my $i=0;$i<2352;$i++){ print WAV $buf[$i]; } #syswrite(WAV, $buffer, 2352 );; fail hunspell-utils-1.7.2-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/wordforms: $ grep -A5 -B5 /tmp/ /usr/bin/wordforms fx=0 case $1 in -s) fx=1; shift;; -p) fx=2; shift;; esac test -h /tmp/wordforms.aff && rm /tmp/wordforms.aff ln -s "$PWD/$1" /tmp/wordforms.aff # prepared dic only with the query word echo 1 >/tmp/wordforms.dic grep "^$3/" $2 >>/tmp/wordforms.dic echo $3 | awk -v "fx=$fx" ' fx!=2 && FILENAME!="-" && /^SFX/ && NF > 4{split($4,a,"/");clen=($3=="0") ? 0 : length($3);sfx[a[1],clen]=a[1];sfxc[a[1],clen]=clen;next} fx!=1 && FILENAME!="-" && /^PFX/ && NF > 4{split($4,a,"/");clen=($3=="0") ? 0 : length($3);pfx[a[1],clen]=a[1];pfxc[a[1],clen]=clen;next} FILENAME=="-"{ wlen=length($1) -- for (j in pfx) {if (wlen<=pfxc[j]) continue; for(i in sfx){clen=sfxc[i];if (wlen<=clen || wlen <= (clen + pfxc[j]))continue; print (pfx[j]=="0" ? "" : pfx[j]) substr($1, pfxc[j]+1, wlen-clen-pfxc[j]) (sfx[i]=="0" ? "": sfx[i]) }} } } ' /tmp/wordforms.aff - | hunspell -d /tmp/wordforms -G -l; fail imapsync-1.977-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/imapsync: $ grep /tmp/ /usr/bin/imapsync Readonly my $TRUE => 1 ; Readonly my $FALSE => 0 ; Readonly my $LAST_RESSORT_SEPARATOR => q{/} ; Readonly my $CGI_TMPDIR_TOP => '/var/tmp/imapsync_cgi' ; Readonly my $CGI_HASHFILE => '/var/tmp/imapsync_hash' ; Readonly my $UMASK_PARANO => '0077' ; Readonly my $STR_use_releasecheck => q{Check if a new imapsync release is available by adding ; Readonly my $GMAIL_MAXSIZE => 35_651_584 ; # No pidfile $mysync->{pidfile} = q{} ; # No log $mysync->{log} = 0 ; # In case $mysync->{ debug } and myprint( "Changing current directory to /var/tmp/\n" ) ; chdir '/var/tmp/' ; return ; } sub cgibegin -- SKIP: { if ( 'MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) { skip( 'Tests only for non-root Unix', 1 ) ; } $mysync->{ hashfile } = '/rrr' ; is( undef, hashsynclocal( $mysync ), 'hashsynclocal: permission denied' ) ; } ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'hashsynclocal: mkpath W/tmp/tests/' ) ; $mysync->{ hashfile } = 'W/tmp/tests/imapsync_hash' ; ok( ! -e 'W/tmp/tests/imapsync_hash' || unlink 'W/tmp/tests/imapsync_hash', 'hashsynclocal: unlink W/tmp/tests/imapsync_hash' ) ; ok( ! -e 'W/tmp/tests/imapsync_hash', 'hashsynclocal: verify there is no W/tmp/tests/imapsync_hash' ) ; is( 'ecdeb4ede672794d173da4e08c52b8ee19b7d252', hashsynclocal( $mysync, 'mukksyhpmbixkxkpjlqivmlqsulpictj' ), 'hashsynclocal: creating/reading W/tmp/tests/imapsync_hash' ) ; # A second time now is( 'ecdeb4ede672794d173da4e08c52b8ee19b7d252', hashsynclocal( $mysync ), 'hashsynclocal: reading W/tmp/tests/imapsync_hash second time => same' ) ; note( 'Leaving tests_hashsynclocal()' ) ; return ; } -- Readonly my $NB_UNIX_tests_do_valid_directory => 2 ; SKIP: { skip( 'Tests only for Unix', $NB_UNIX_tests_do_valid_directory ) if ( 'MSWin32' eq $OSNAME ) ; ok( 1 == do_valid_directory( '.'), 'do_valid_directory: . good' ) ; ok( 1 == do_valid_directory( './W/tmp/tests/valid/sub'), 'do_valid_directory: ./W/tmp/tests/valid/sub good' ) ; } Readonly my $NB_UNIX_tests_do_valid_directory_non_root => 2 ; SKIP: { skip( 'Tests only for Unix', $NB_UNIX_tests_do_valid_directory_non_root ) if ( 'MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) ; diag( 'Error / not writable is on purpose' ) ; -- sub tests_remove_pidfile_not_running { note( 'Entering tests_remove_pidfile_not_running()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'remove_pidfile_not_running: mkpath W/tmp/tests/' ) ; is( undef, remove_pidfile_not_running( ), 'remove_pidfile_not_running: no args => undef' ) ; is( undef, remove_pidfile_not_running( './W' ), 'remove_pidfile_not_running: a dir => undef' ) ; is( undef, remove_pidfile_not_running( 'noexists' ), 'remove_pidfile_not_running: noexists => undef' ) ; is( 1, touch( 'W/tmp/tests/empty.pid' ), 'remove_pidfile_not_running: prepa empty W/tmp/tests/empty.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/empty.pid' ), 'remove_pidfile_not_running: W/tmp/tests/empty.pid => undef' ) ; is( 'lalala', string_to_file( 'lalala', 'W/tmp/tests/lalala.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/lalala.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/lalala.pid' ), 'remove_pidfile_not_running: W/tmp/tests/lalala.pid => undef' ) ; is( '55555', string_to_file( '55555', 'W/tmp/tests/notrunning.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/notrunning.pid' ) ; is( 1, remove_pidfile_not_running( 'W/tmp/tests/notrunning.pid' ), 'remove_pidfile_not_running: W/tmp/tests/notrunning.pid => 1' ) ; is( $PROCESS_ID, string_to_file( $PROCESS_ID, 'W/tmp/tests/running.pid' ), 'remove_pidfile_not_running: prepa W/tmp/tests/running.pid' ) ; is( undef, remove_pidfile_not_running( 'W/tmp/tests/running.pid' ), 'remove_pidfile_not_running: W/tmp/tests/running.pid => undef' ) ; note( 'Leaving tests_remove_pidfile_not_running()' ) ; return ; } -- sub tests_tail { note( 'Entering tests_tail()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'tail: mkpath W/tmp/tests/' ) ; ok( ( ! -e 'W/tmp/tests/tail.pid' || unlink 'W/tmp/tests/tail.pid' ), 'tail: unlink W/tmp/tests/tail.pid' ) ; ok( ( ! -e 'W/tmp/tests/tail.txt' || unlink 'W/tmp/tests/tail.txt' ), 'tail: unlink W/tmp/tests/tail.txt' ) ; is( undef, tail( ), 'tail: no args => undef' ) ; my $mysync ; is( undef, tail( $mysync ), 'tail: no pidfile => undef' ) ; $mysync->{pidfile} = 'W/tmp/tests/tail.pid' ; is( undef, tail( $mysync ), 'tail: no pidfilelocking => undef' ) ; $mysync->{pidfilelocking} = 1 ; is( undef, tail( $mysync ), 'tail: pidfile no exists => undef' ) ; my $pidandlog = "33333\nW/tmp/tests/tail.txt\n" ; is( $pidandlog, string_to_file( $pidandlog, $mysync->{pidfile} ), 'tail: put pid 33333 and tail.txt in pidfile' ) ; is( undef, tail( $mysync ), 'tail: logfile to tail no exists => undef' ) ; my $tailcontent = "L1\nL2\nL3\nL4\nL5\n" ; is( $tailcontent, string_to_file( $tailcontent, 'W/tmp/tests/tail.txt' ), 'tail: put L1\nL2\nL3\nL4\nL5\n in W/tmp/tests/tail.txt' ) ; is( undef, tail( $mysync ), 'tail: fake pid in pidfile + tail off => 1' ) ; $mysync->{ tail } = 1 ; is( 1, tail( $mysync ), 'tail: fake pid in pidfile + tail on=> 1' ) ; # put my own pid, won't do tail $pidandlog = "$PROCESS_ID\nW/tmp/tests/tail.txt\n" ; is( $pidandlog, string_to_file( $pidandlog, $mysync->{pidfile} ), 'tail: put my own PID in pidfile' ) ; is( undef, tail( $mysync ), 'tail: my own pid in pidfile => undef' ) ; note( 'Leaving tests_tail()' ) ; return ; -- is( undef, write_pidfile( $mysync ), 'write_pidfile: no permission for /no/no/no.pid, no lock => undef' ) ; $mysync->{pidfilelocking} = 1 ; is( undef, write_pidfile( $mysync ), 'write_pidfile: no permission for /no/no/no.pid + lock => undef' ) ; $mysync->{pidfile} = 'W/tmp/tests/test.pid' ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'write_pidfile: mkpath W/tmp/tests/' ) ; is( 1, touch( $mysync->{pidfile} ), 'write_pidfile: lock prepa' ) ; $mysync->{pidfilelocking} = 0 ; is( 1, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + no lock => 1' ) ; is( $PROCESS_ID, firstline( 'W/tmp/tests/test.pid' ), "write_pidfile: W/tmp/tests/test.pid contains $PROCESS_ID" ) ; is( q{}, secondline( 'W/tmp/tests/test.pid' ), "write_pidfile: W/tmp/tests/test.pid contains no second line" ) ; $mysync->{pidfilelocking} = 1 ; is( undef, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + lock => undef' ) ; $mysync->{pidfilelocking} = 0 ; $mysync->{ logfile } = 'rrrr.txt' ; is( 1, write_pidfile( $mysync ), 'write_pidfile: W/tmp/tests/test.pid + no lock + logfile => 1' ) ; is( $PROCESS_ID, firstline( 'W/tmp/tests/test.pid' ), "write_pidfile: + no lock + logfile W/tmp/tests/test.pid contains $PROCESS_ID" ) ; is( q{rrrr.txt}, secondline( 'W/tmp/tests/test.pid' ), "write_pidfile: + no lock + logfile W/tmp/tests/test.pid contains rrrr.txt" ) ; note( 'Leaving tests_write_pidfile()' ) ; return ; } -- sub tests_get_cache { note( 'Entering tests_get_cache()' ) ; ok( not( get_cache('/cache_no_exist') ), 'get_cache: /cache_no_exist' ); ok( ( not -d 'W/tmp/cache/F1/F2' or rmtree( 'W/tmp/cache/F1/F2' ) ), 'get_cache: rmtree W/tmp/cache/F1/F2' ) ; ok( mkpath( 'W/tmp/cache/F1/F2' ), 'get_cache: mkpath W/tmp/cache/F1/F2' ) ; my @test_files_cache = ( qw( W/tmp/cache/F1/F2/100_200 W/tmp/cache/F1/F2/101_201 W/tmp/cache/F1/F2/120_220 W/tmp/cache/F1/F2/142_242 W/tmp/cache/F1/F2/143_243 W/tmp/cache/F1/F2/177_277 W/tmp/cache/F1/F2/177_377 W/tmp/cache/F1/F2/177_777 W/tmp/cache/F1/F2/155_255 ) ) ; ok( touch( @test_files_cache ), 'get_cache: touch W/tmp/cache/F1/F2/...' ) ; # on cache: 100_200 101_201 142_242 143_243 177_277 177_377 177_777 155_255 # on live: my $msgs_1 = [120, 142, 143, 144, 177 ]; -- my $msgs_all_1 = { 120 => 0, 142 => 0, 143 => 0, 144 => 0, 177 => 0 } ; my $msgs_all_2 = { 242 => 0, 243 => 0, 299 => 0, 377 => 0, 777 => 0, 255 => 0 } ; my( $c12, $c21 ) ; ok( ( $c12, $c21 ) = get_cache( 'W/tmp/cache/F1/F2', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2 ), 'get_cache: 02' ); my $a1 = [ sort { $a <=> $b } keys %{ $c12 } ] ; my $a2 = [ sort { $a <=> $b } keys %{ $c21 } ] ; ok( 0 == compare_lists( [ 142, 143, 177 ], $a1 ), 'get_cache: 03' ); ok( 0 == compare_lists( [ 242, 243, 777 ], $a2 ), 'get_cache: 04' ); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 142_242'); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 143_243'); ok( ! -f 'W/tmp/cache/F1/F2/100_200', 'get_cache: file removed 100_200'); ok( ! -f 'W/tmp/cache/F1/F2/101_201', 'get_cache: file removed 101_201'); # test clean_cache executed $maxage = 2 ; ok( touch(@test_files_cache), 'get_cache: touch W/tmp/cache/F1/F2/...' ) ; ok( ( $c12, $c21 ) = get_cache('W/tmp/cache/F1/F2', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2 ), 'get_cache: 02' ); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 142_242'); ok( -f 'W/tmp/cache/F1/F2/142_242', 'get_cache: file kept 143_243'); ok( ! -f 'W/tmp/cache/F1/F2/100_200', 'get_cache: file NOT removed 100_200'); ok( ! -f 'W/tmp/cache/F1/F2/101_201', 'get_cache: file NOT removed 101_201'); # strange files #$debugcache = 1 ; $maxage = undef ; ok( ( not -d 'W/tmp/cache/rr\uee' or rmtree( 'W/tmp/cache/rr\uee' )), 'get_cache: rmtree W/tmp/cache/rr\uee' ) ; ok( mkpath( 'W/tmp/cache/rr\uee' ), 'get_cache: mkpath W/tmp/cache/rr\uee' ) ; @test_files_cache = ( qw( W/tmp/cache/rr\uee/100_200 W/tmp/cache/rr\uee/101_201 W/tmp/cache/rr\uee/120_220 W/tmp/cache/rr\uee/142_242 W/tmp/cache/rr\uee/143_243 W/tmp/cache/rr\uee/177_277 W/tmp/cache/rr\uee/177_377 W/tmp/cache/rr\uee/177_777 W/tmp/cache/rr\uee/155_255 ) ) ; ok( touch(@test_files_cache), 'get_cache: touch strange W/tmp/cache/...' ) ; # on cache: 100_200 101_201 142_242 143_243 177_277 177_377 177_777 155_255 # on live: $msgs_1 = [120, 142, 143, 144, 177 ] ; $msgs_2 = [ 242, 243, 299, 377, 777, 255 ] ; $msgs_all_1 = { 120 => q{}, 142 => q{}, 143 => q{}, 144 => q{}, 177 => q{} } ; $msgs_all_2 = { 242 => q{}, 243 => q{}, 299 => q{}, 377 => q{}, 777 => q{}, 255 => q{} } ; ok( ( $c12, $c21 ) = get_cache('W/tmp/cache/rr\uee', $msgs_1, $msgs_2, $msgs_all_1, $msgs_all_2), 'get_cache: strange path 02' ); $a1 = [ sort { $a <=> $b } keys %{ $c12 } ] ; $a2 = [ sort { $a <=> $b } keys %{ $c21 } ] ; ok( 0 == compare_lists( [ 142, 143, 177 ], $a1 ), 'get_cache: strange path 03' ); ok( 0 == compare_lists( [ 242, 243, 777 ], $a2 ), 'get_cache: strange path 04' ); ok( -f 'W/tmp/cache/rr\uee/142_242', 'get_cache: strange path file kept 142_242'); ok( -f 'W/tmp/cache/rr\uee/142_242', 'get_cache: strange path file kept 143_243'); ok( ! -f 'W/tmp/cache/rr\uee/100_200', 'get_cache: strange path file removed 100_200'); ok( ! -f 'W/tmp/cache/rr\uee/101_201', 'get_cache: strange path file removed 101_201'); note( 'Leaving tests_get_cache()' ) ; return ; } -- ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '123_456' ), 'match_a_cache_file: 123_456' ) ; ok( '123' eq $tuid1, 'match_a_cache_file: 123_456 1' ) ; ok( '456' eq $tuid2, 'match_a_cache_file: 123_456 2' ) ; ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '/tmp/truc/123_456' ), 'match_a_cache_file: /tmp/truc/123_456' ) ; ok( '123' eq $tuid1, 'match_a_cache_file: /tmp/truc/123_456 1' ) ; ok( '456' eq $tuid2, 'match_a_cache_file: /tmp/truc/123_456 2' ) ; ok( ( $tuid1, $tuid2 ) = match_a_cache_file( '/lala123_456' ), 'match_a_cache_file: NO /lala123_456' ) ; ok( ! $tuid1, 'match_a_cache_file: /lala123_456 1' ) ; ok( ! $tuid2, 'match_a_cache_file: /lala123_456 2' ) ; -- sub tests_clean_cache { note( 'Entering tests_clean_cache()' ) ; ok( ( not -d 'W/tmp/cache/G1/G2' or rmtree( 'W/tmp/cache/G1/G2' )), 'clean_cache: rmtree W/tmp/cache/G1/G2' ) ; ok( mkpath( 'W/tmp/cache/G1/G2' ), 'clean_cache: mkpath W/tmp/cache/G1/G2' ) ; my @test_files_cache = ( qw( W/tmp/cache/G1/G2/100_200 W/tmp/cache/G1/G2/101_201 W/tmp/cache/G1/G2/120_220 W/tmp/cache/G1/G2/142_242 W/tmp/cache/G1/G2/143_243 W/tmp/cache/G1/G2/177_277 W/tmp/cache/G1/G2/177_377 W/tmp/cache/G1/G2/177_777 W/tmp/cache/G1/G2/155_255 ) ) ; ok( touch(@test_files_cache), 'clean_cache: touch W/tmp/cache/G1/G2/...' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache: 100_200 before' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache: 142_242 before' ); ok( -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache: 177_277 before' ); ok( -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache: 177_377 before' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache: 177_777 before' ); ok( -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache: 155_255 before' ); my $cache = { 142 => 242, 177 => 777, } ; -- 242 => q{}, 777 => q{}, } ; ok( clean_cache( \@test_files_cache, $cache, $all_1, $all_2 ), 'clean_cache: ' ) ; ok( ! -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache: 100_200 after' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache: 142_242 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache: 177_277 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache: 177_377 after' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache: 177_777 after' ); ok( ! -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache: 155_255 after' ); note( 'Leaving tests_clean_cache()' ) ; return ; } sub tests_clean_cache_2 { note( 'Entering tests_clean_cache_2()' ) ; ok( ( not -d 'W/tmp/cache/G1/G2' or rmtree( 'W/tmp/cache/G1/G2' )), 'clean_cache_2: rmtree W/tmp/cache/G1/G2' ) ; ok( mkpath( 'W/tmp/cache/G1/G2' ), 'clean_cache_2: mkpath W/tmp/cache/G1/G2' ) ; my @test_files_cache = ( qw( W/tmp/cache/G1/G2/100_200 W/tmp/cache/G1/G2/101_201 W/tmp/cache/G1/G2/120_220 W/tmp/cache/G1/G2/142_242 W/tmp/cache/G1/G2/143_243 W/tmp/cache/G1/G2/177_277 W/tmp/cache/G1/G2/177_377 W/tmp/cache/G1/G2/177_777 W/tmp/cache/G1/G2/155_255 ) ) ; ok( touch(@test_files_cache), 'clean_cache_2: touch W/tmp/cache/G1/G2/...' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache_2: 100_200 before' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache_2: 142_242 before' ); ok( -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache_2: 177_277 before' ); ok( -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache_2: 177_377 before' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache_2: 177_777 before' ); ok( -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache_2: 155_255 before' ); my $cache = { 142 => 242, 177 => 777, } ; -- ok( clean_cache( \@test_files_cache, $cache, $all_1, $all_2 ), 'clean_cache_2: ' ) ; ok( -f 'W/tmp/cache/G1/G2/100_200', 'clean_cache_2: 100_200 after' ); ok( -f 'W/tmp/cache/G1/G2/142_242', 'clean_cache_2: 142_242 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_277', 'clean_cache_2: 177_277 after' ); ok( ! -f 'W/tmp/cache/G1/G2/177_377', 'clean_cache_2: 177_377 after' ); ok( -f 'W/tmp/cache/G1/G2/177_777', 'clean_cache_2: 177_777 after' ); ok( ! -f 'W/tmp/cache/G1/G2/155_255', 'clean_cache_2: 155_255 after' ); note( 'Leaving tests_clean_cache_2()' ) ; return ; } -- sub tests_mkpath { note( 'Entering tests_mkpath()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' )), 'mkpath: mkpath W/tmp/tests/' ) ; SKIP: { skip( 'Tests only for Unix', 10 ) if ( 'MSWin32' eq $OSNAME ) ; my $long_path_unix = '123456789/' x 30 ; ok( ( -d "W/tmp/tests/long/$long_path_unix" or mkpath( "W/tmp/tests/long/$long_path_unix" ) ), 'mkpath: mkpath 300 char' ) ; ok( -d "W/tmp/tests/long/$long_path_unix", 'mkpath: mkpath > 300 char verified' ) ; ok( ( -d "W/tmp/tests/long/$long_path_unix" and rmtree( 'W/tmp/tests/long/' ) ), 'mkpath: rmtree 300 char' ) ; ok( ! -d "W/tmp/tests/long/$long_path_unix", 'mkpath: rmtree 300 char verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' or mkpath( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: mkpath trailing_dots...' ) ; ok( -d 'W/tmp/tests/trailing_dots...', 'mkpath: mkpath trailing_dots... verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' and rmtree( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: rmtree trailing_dots...' ) ; ok( ! -d 'W/tmp/tests/trailing_dots...', 'mkpath: rmtree trailing_dots... verified' ) ; eval { ok( 1 / 0, 'mkpath: divide by 0' ) ; } or ok( 1, 'mkpath: can not divide by 0' ) ; ok( 1, 'mkpath: still alive' ) ; } ; -- eval { ok( ( -d $long_path_300 or mkpath( $long_path_300 ) ), 'mkpath: create a path with 300 characters' ) ; } or ok( 1, 'mkpath: can not create a path with 300 characters' ) ; ok( ( ( ! -d $long_path_300 ) or -d $long_path_300 and rmtree( $long_path_300 ) ), 'mkpath: rmtree the 300 character path' ) ; ok( 1, 'mkpath: still alive' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' or mkpath( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: mkpath trailing_dots...' ) ; ok( -d 'W/tmp/tests/trailing_dots...', 'mkpath: mkpath trailing_dots... verified' ) ; ok( ( -d 'W/tmp/tests/trailing_dots...' and rmtree( 'W/tmp/tests/trailing_dots...' ) ), 'mkpath: rmtree trailing_dots...' ) ; ok( ! -d 'W/tmp/tests/trailing_dots...', 'mkpath: rmtree trailing_dots... verified' ) ; } ; note( 'Leaving tests_mkpath()' ) ; -- sub tests_touch { note( 'Entering tests_touch()' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' )), 'touch: mkpath W/tmp/tests/' ) ; ok( 1 == touch( 'W/tmp/tests/lala'), 'touch: W/tmp/tests/lala') ; ok( 1 == touch( 'W/tmp/tests/\y'), 'touch: W/tmp/tests/\y') ; ok( 0 == touch( '/no/no/no/aaa'), 'touch: not /aaa') ; ok( 1 == touch( 'W/tmp/tests/lili', 'W/tmp/tests/lolo'), 'touch: 2 files') ; ok( 0 == touch( 'W/tmp/tests/\y', '/no/no/aaa'), 'touch: 2 files, 1 fails' ) ; note( 'Leaving tests_touch()' ) ; return ; } -- sub tests_firstline { note( 'Entering tests_firstline()' ) ; is( q{}, firstline( 'W/tmp/tests/noexist.txt' ), 'firstline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'firstline: mkpath W/tmp/tests/' ) ; is( "blabla\n" , string_to_file( "blabla\n", 'W/tmp/tests/firstline.txt' ), 'firstline: put blabla in W/tmp/tests/firstline.txt' ) ; is( 'blabla' , firstline( 'W/tmp/tests/firstline.txt' ), 'firstline: get blabla from W/tmp/tests/firstline.txt' ) ; is( q{} , string_to_file( q{}, 'W/tmp/tests/firstline2.txt' ), 'firstline: put empty string in W/tmp/tests/firstline2.txt' ) ; is( q{} , firstline( 'W/tmp/tests/firstline2.txt' ), 'firstline: get empty string from W/tmp/tests/firstline2.txt' ) ; is( "\n" , string_to_file( "\n", 'W/tmp/tests/firstline3.txt' ), 'firstline: put CR in W/tmp/tests/firstline3.txt' ) ; is( q{} , firstline( 'W/tmp/tests/firstline3.txt' ), 'firstline: get empty string from W/tmp/tests/firstline3.txt' ) ; is( "blabla\nTiti\n" , string_to_file( "blabla\nTiti\n", 'W/tmp/tests/firstline4.txt' ), 'firstline: put blabla\nTiti\n in W/tmp/tests/firstline4.txt' ) ; is( 'blabla' , firstline( 'W/tmp/tests/firstline4.txt' ), 'firstline: get blabla from W/tmp/tests/firstline4.txt' ) ; note( 'Leaving tests_firstline()' ) ; return ; } -- sub tests_secondline { note( 'Entering tests_secondline()' ) ; is( q{}, secondline( 'W/tmp/tests/noexist.txt' ), 'secondline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; is( q{}, secondline( 'W/tmp/tests/noexist.txt', 2 ), 'secondline: 2nd getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'secondline: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/secondline.txt' ), 'secondline: put L1\nL2\nL3\nL4\n in W/tmp/tests/secondline.txt' ) ; is( 'L2' , secondline( 'W/tmp/tests/secondline.txt' ), 'secondline: get L2 from W/tmp/tests/secondline.txt' ) ; note( 'Leaving tests_secondline()' ) ; return ; } -- sub tests_nthline { note( 'Entering tests_nthline()' ) ; is( q{}, nthline( 'W/tmp/tests/noexist.txt' ), 'nthline: getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; is( q{}, nthline( 'W/tmp/tests/noexist.txt', 2 ), 'nthline: 2nd getting empty string from inexisting W/tmp/tests/noexist.txt' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'nthline: mkpath W/tmp/tests/' ) ; is( "L1\nL2\nL3\nL4\n" , string_to_file( "L1\nL2\nL3\nL4\n", 'W/tmp/tests/nthline.txt' ), 'nthline: put L1\nL2\nL3\nL4\n in W/tmp/tests/nthline.txt' ) ; is( 'L3' , nthline( 'W/tmp/tests/nthline.txt', 3 ), 'nthline: get L3 from W/tmp/tests/nthline.txt' ) ; note( 'Leaving tests_nthline()' ) ; return ; } -- is( undef, file_to_string( ), 'file_to_string: no args => undef' ) ; is( undef, file_to_string( '/noexist' ), 'file_to_string: /noexist => undef' ) ; is( undef, file_to_string( '/' ), 'file_to_string: reading a directory => undef' ) ; ok( file_to_string( $PROGRAM_NAME ), 'file_to_string: reading myself' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'file_to_string: mkpath W/tmp/tests/' ) ; is( 'lilili', string_to_file( 'lilili', 'W/tmp/tests/canbewritten' ), 'file_to_string: string_to_file filling W/tmp/tests/canbewritten with lilili' ) ; is( 'lilili', file_to_string( 'W/tmp/tests/canbewritten' ), 'file_to_string: reading W/tmp/tests/canbewritten is lilili' ) ; is( q{}, string_to_file( q{}, 'W/tmp/tests/empty' ), 'file_to_string: string_to_file filling W/tmp/tests/empty with empty string' ) ; is( q{}, file_to_string( 'W/tmp/tests/empty' ), 'file_to_string: reading W/tmp/tests/empty is empty' ) ; note( 'Leaving tests_file_to_string()' ) ; return ; } -- note( 'Entering tests_string_to_file()' ) ; is( undef, string_to_file( ), 'string_to_file: no args => undef' ) ; is( undef, string_to_file( 'lalala' ), 'string_to_file: one arg => undef' ) ; is( undef, string_to_file( 'lalala', '.' ), 'string_to_file: writing a directory => undef' ) ; ok( (-d 'W/tmp/tests/' or mkpath( 'W/tmp/tests/' ) ), 'string_to_file: mkpath W/tmp/tests/' ) ; is( 'lalala', string_to_file( 'lalala', 'W/tmp/tests/canbewritten' ), 'string_to_file: W/tmp/tests/canbewritten with lalala' ) ; is( q{}, string_to_file( q{}, 'W/tmp/tests/empty' ), 'string_to_file: W/tmp/tests/empty with empty string' ) ; SKIP: { Readonly my $NB_UNX_tests_string_to_file => 1 ; skip( 'Not on Unix non-root', $NB_UNX_tests_string_to_file ) if ('MSWin32' eq $OSNAME or '0' eq $EFFECTIVE_USER_ID ) ; is( undef, string_to_file( 'lalala', '/cantouch' ), 'string_to_file: /cantouch denied => undef' ) ; -- return backtick( $command ) ; } sub search_dyn_lib_locale_linux { my $command = qq{ lsof -p $PID | grep ' REG ' | grep -v '/tmp/par-' | grep '\.so' } ; myprint( "Search non embeded dynamic libs with the command: $command\n" ) ; return backtick( $command ) ; } sub search_dyn_lib_locale_MSWin32 -- sub tests_logfileprepa { note( 'Entering tests_logfileprepa()' ) ; is( undef, logfileprepa( ), 'logfileprepa: no args => undef' ) ; my $logfile = 'W/tmp/tests/tests_logfileprepa.txt' ; is( 1, logfileprepa( $logfile ), 'logfileprepa: W/tmp/tests/tests_logfileprepa.txt => 1' ) ; note( 'Leaving tests_logfileprepa()' ) ; return ; } -- is( undef, teelaunch( ), 'teelaunch: no args => undef' ) ; my $mysync = {} ; is( undef, teelaunch( $mysync ), 'teelaunch: arg empty {} => undef' ) ; $mysync->{logfile} = q{} ; is( undef, teelaunch( $mysync ), 'teelaunch: logfile empty string => undef' ) ; $mysync->{logfile} = 'W/tmp/tests/tests_teelaunch.txt' ; isa_ok( my $tee = teelaunch( $mysync ), 'IO::Tee' , 'teelaunch: logfile W/tmp/tests/tests_teelaunch.txt' ) ; is( 1, print( $tee "Hi!\n" ), 'teelaunch: write Hi!') ; is( "Hi!\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is Hi!\n' ) ; is( 1, print( $tee "Hoo\n" ), 'teelaunch: write Hoo') ; is( "Hi!\nHoo\n", file_to_string( 'W/tmp/tests/tests_teelaunch.txt' ), 'teelaunch: reading W/tmp/tests/tests_teelaunch.txt is Hi!\nHoo\n' ) ; note( 'Leaving tests_teelaunch()' ) ; return ; } -- if ( ! $mysync->{ testsdebug } ) { skip 'No test in normal run' ; } note( 'Entering testsdebug()' ) ; #ok( ( ( not -d 'W/tmp/tests' ) or rmtree( 'W/tmp/tests/' ) ), 'testsdebug: rmtree W/tmp/tests' ) ; #tests_check_binary_embed_all_dyn_libs( ) ; #tests_killpid_by_parent( ) ; #tests_killpid_by_brother( ) ; #tests_kill_zero( ) ; #tests_connect_socket( ) ;; fail impose+-0.2-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/impose: $ grep /tmp/ /usr/bin/impose $ybot=30 unless $ybot; $pages=6 unless defined $pages; $rotdir="L" unless $rotdir; $filename = shift or do { $filename = "/tmp/$ENV{USER}-tmp.ps"; open(TMP, ">$filename"); while(<>) { print TMP; } close(TMP); $do_stdout++; $do_erase_tmp++; $_=; @oddbbox=split; $_=; @evenbbox=split; @oddbbox = @evenbbox unless @evenbbox; close(BB); } elsif ($lastbbox && -e "/tmp/bboxx-$ENV{USER}") { open(BB,"/tmp/bboxx-$ENV{USER}"); $_=; @oddbbox=split; $_=; @evenbbox=split; close(BB); # print "oddbbox = @oddbbox\n"; # print "evenbbox = @evenbbox\n"; -- } @evenbbox = @oddbbox if $noevenodd; # record the bboxx information open(BB, ">/tmp/bboxx-$ENV{USER}"); print BB "@oddbbox\n@evenbbox\n"; close(BB); # Do page calculations $oddwidth = $oddbbox[2]-$oddbbox[0];; fail installer-alterator-pkg-3.1.8-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/pkg-size: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/pkg-size echo "pkg-size:start" echo "$in_lists" > /var/lib/installer-alterator-pkg/pkg-list local tmpfile="$(make_manifest ${in_lists//;/ })" if [ -s "$tmpfile" ]; then stderr_handler & echo "n"|apt-get --simple-output install --manifest "$tmpfile" 2>> /tmp/install2.log || rc=$? else echo "apt-get:status:disk-size:0k" fi rm -f "$tmpfile" # ignore the no free space error before partitioning the disk local no_space_err_msg="E: You don't have enough free space in " if [[ ! -e /tmp/fstab && "$(tail -n 1 /tmp/install2.log)" == "$no_space_err_msg"* && "$rc" == "100" ]]; then rc=1 fi echo "pkg-size:finish:$rc" } Found error in /usr/lib/alterator/backend3/pkg-install: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/pkg-install write) [ -z "$AUTOINSTALL" ] || in_auto='#t' case "$in__objects" in /) if test_bool "$in_auto"; then make_apt < /dev/null &> /tmp/pkg-install.log else start_pipe &> /tmp/pkg-install.log fi ;; notify) write_pipe "$in_message" ;;; fail installer-distro-altlinux-server-stage2-7.0.2-alt3.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/05-vm-profile: $ grep /tmp/ /usr/share/install2/initinstall.d/05-vm-profile #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } mem="$(sed '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB finded_disks_size="$(find /sys/block/{hd,sd,vd,nvme,mmc}*/size 2> /dev/null)" [ "$finded_disks_size" ] &&; fail installer-distro-centaurus-stage2-10.4-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/preinstall.d/35-enable-systemd-networkd.sh: $ grep -A5 -B5 /tmp/ /usr/share/install2/preinstall.d/35-enable-systemd-networkd.sh shell_config_set $i/options NM_CONTROLLED no shell_config_set $i/options SYSTEMD_CONTROLLED yes shell_config_set $i/options DISABLED yes done } >> /tmp/install2.log 2>&1 : Found error in /usr/share/install2/postinstall.d/66-setup-net-services.sh: $ grep -A5 -B5 /tmp/ /usr/share/install2/postinstall.d/66-setup-net-services.sh if [ -z "$SYSTEMD_CONTROLLED" ] ; then chroot $destdir systemctl disable systemd-networkd.service chroot $destdir systemctl disable systemd-resolved.service fi } >> /tmp/install2.log 2>&1 :; fail installer-scripts-remount-stage2-0.6.4-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/install2-remount-functions: $ grep -A5 -B5 /tmp/ /usr/sbin/install2-remount-functions start_lvm && start_luks && mount_chroot && systemd_tmpfiles_chroot && set_active \ ) >& /tmp/remount.log || return $? } remount_destination() { # remount destdir after alterator-vm # no mount chroot filesystem (/dev, /proc, /sys) -- start_mdraid && start_lvm && start_luks && mount_destination && set_active \ ) >& /tmp/remount.log || return $? } # avoid automatic rpm shell.req dependency MULTIPATHD=/sbin/multipathd MDADM=/sbin/mdadm LVM=/sbin/lvm CRYPTSETUP=/sbin/cryptsetup CRYPTSETUP_KEY=/tmp/empty PUTFILE=/usr/share/make-initrd/tools/put-file BLKID="blkid -c /dev/null" # alterator-vm should leave LUKS containers # with initial empty password, see #28200 -- # for installer-feature-desktop-other-fs, see also #29005 save_blkid_state() { find /dev/mapper -type l \ | xargs -r $BLKID \ > /tmp/blkid.dm } populate_fstab() { [ ! -f /tmp/fstab ] || cat /tmp/fstab >> "$destdir/etc/fstab" } copy_chroot_binaries() { useputfile= if [ -x "$destdir$PUTFILE" ]; then useputfile='yes' binddir="$(mktemp -d "$destdir/tmp/copy_chroot_binaries.XXXXXXXXX")" workdir="${binddir#$destdir}" mount --bind / "$binddir" else echo "remount: file does not exist or is not available for execution: $destdir$PUTFILE" >&2 fi -- } stop_mdraid() { # saving state is only important *after* evms if [ -f /proc/mdstat -a -x "$MDADM" ]; then "$MDADM" --examine --scan > /tmp/mdadm.conf "$MDADM" -v --stop --scan fi } start_mdraid() { if [ -s /tmp/mdadm.conf -a -x "$MDADM" ]; then # an arbitrary value of the year: packages installed already sysctl -w dev.raid.speed_limit_max=1000000 # chroot's mdadm.conf populated by 45-mdadm.sh "$MDADM" -v --assemble --run --scan --config=/tmp/mdadm.conf ||: fi } start_multipath() { if [ -x "$MULTIPATHD" ]; then -- done fi } mount_destfs() { # depends on /tmp/fstab just like 10-fstab.sh local mpoint="$1" mountpoint -q "$destdir""$mpoint" && return 0 local destfs="$(awk -v mpoint="$mpoint" '{ if ($2==mpoint) print $1 }' < /tmp/fstab)" case "$destfs" in UUID=*) destfs="`$BLKID -U ${destfs#UUID=}`" ;; LABEL=*) -- echo "by ${UUID:+UUID=$UUID}${LABEL:+LABEL=$LABEL}" time $BLKID return 3 fi >&2 mountopts="$(grep "[[:space:]]$mpoint[[:space:]]" /tmp/fstab | awk '{ print $4 }')" mount -v "$destfs" "$destdir$mpoint" -o "$mountopts" || return 3 } mount_chroot() { -- ! mountpoint "$destdir" || return 1 } # mount destdir without make chroot, after umount_destination mount_destination() { [ -s /tmp/fstab ] || return 4 for mpoint in $(awk '{ print $2 }' < /tmp/fstab | grep / | sort); do mount_destfs $mpoint || return $? done } systemd_tmpfiles_chroot() {; fail kdump-tools-checkinstall-1.8-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/kdump-tools/kdump-checkinstall.sh: $ grep -A5 -B5 /tmp/ /usr/lib/kdump-tools/kdump-checkinstall.sh vm_prepare() { sed -i -e '/#KDUMP_CMDLINE_REMOVE/s/#//' \ -e '/^KDUMP_CMDLINE_REMOVE/s/"$/ quiet"/'\ /etc/sysconfig/kdump-tools vm-create-image /tmp/i } cause_panic() { df -h -- find /var/crash -type f -perm /77 -ls -exec false {} + } vm_panic() { timeout 100 vm-run --rootfs=/tmp/i --kvm=only --append='crashkernel=256M' "$0" cause_panic |& tee /tmp/log \ || echo 'Failure is expected because of crash.' grep "sysrq: Trigger a crash" /tmp/log grep "Kernel panic - not syncing: sysrq triggered crash" /tmp/log grep "Kdump: loaded" /tmp/log } vm_analyze() { timeout 100 vm-run --rootfs=/tmp/i --kvm=only "$0" analyze } if [ $# -eq 0 ]; then [ -w /dev/kvm ] || { echo >&2 "/dev/kvm is needed to run this script."; fail kernel-headers-modules-xenomai-4.19.252-alt1.cip78.23.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/src/linux-4.19.252-xenomai-alt1.cip78.23/tools/testing/selftests/intel_pstate/run.sh: $ grep /tmp/ /usr/src/linux-4.19.252-xenomai-alt1.cip78.23/tools/testing/selftests/intel_pstate/run.sh # and the value of MSR 0x199 (MSR_IA32_PERF_CTL) which indicates what # pstate the cpu is in, and the value of # /sys/devices/system/cpu/intel_pstate/max_perf_pct X maximum turbo state # # Notes: In some cases several frequency values may be placed in the # /tmp/result.X files. This is done on purpose in order to catch cases # where the pstate driver may not be working at all. There is the case # where, for example, several "similar" frequencies are in the file: # # #/tmp/result.3100:1:cpu MHz : 2899.980 #/tmp/result.3100:2:cpu MHz : 2900.000 #/tmp/result.3100:3:msr 0x199: 0x1e00 #/tmp/result.3100:4:max_perf_pct 94 # # and the test will error out in those cases. The result.X file can be checked # for consistency and modified to remove the extra MHz values. The result.X # files can be re-evaluated by setting EVALUATE_ONLY to 1 below. ./aperf $cpu & done echo "sleeping for 5 seconds" sleep 5 grep MHz /proc/cpuinfo | sort -u > /tmp/result.freqs num_freqs=$(wc -l /tmp/result.freqs | awk ' { print $1 } ') if [ $num_freqs -ge 2 ]; then tail -n 1 /tmp/result.freqs > /tmp/result.$1 else cp /tmp/result.freqs /tmp/result.$1 fi ./msr 0 >> /tmp/result.$1 max_perf_pct=$(cat /sys/devices/system/cpu/intel_pstate/max_perf_pct) echo "max_perf_pct $max_perf_pct" >> /tmp/result.$1 for job in `jobs -p` do echo "waiting for job id $job" wait $job -- echo "The marketing frequency of the cpu is $mkt_freq MHz" echo "The maximum frequency of the cpu is $max_freq MHz" echo "The minimum frequency of the cpu is $min_freq MHz" # make a pretty table echo "Target Actual Difference MSR(0x199) max_perf_pct" | tr " " "\n" > /tmp/result.tab for freq in `seq $max_freq -100 $min_freq` do result_freq=$(cat /tmp/result.${freq} | grep "cpu MHz" | awk ' { print $4 } ' | awk -F "." ' { print $1 } ') msr=$(cat /tmp/result.${freq} | grep "msr" | awk ' { print $3 } ') max_perf_pct=$(cat /tmp/result.${freq} | grep "max_perf_pct" | awk ' { print $2 } ' ) cat >> /tmp/result.tab << EOF $freq $result_freq $((result_freq - freq)) $msr $((max_perf_pct lib usr max_freq)) EOF done # print the table pr -aTt -5 < /tmp/result.tab exit 0 Found error in /usr/src/linux-4.19.252-xenomai-alt1.cip78.23/samples/bpf/test_cgrp2_sock2.sh: $ grep -A5 -B5 /tmp/ /usr/src/linux-4.19.252-xenomai-alt1.cip78.23/samples/bpf/test_cgrp2_sock2.sh ip addr add 172.16.1.101/24 dev veth0b ip addr add 2401:db00::2/64 dev veth0b nodad } function config_cgroup { rm -rf /tmp/cgroupv2 mkdir -p /tmp/cgroupv2 mount -t cgroup2 none /tmp/cgroupv2 mkdir -p /tmp/cgroupv2/foo echo $$ >> /tmp/cgroupv2/foo/cgroup.procs } function attach_bpf { test_cgrp2_sock2 /tmp/cgroupv2/foo sock_flags_kern.o $1 [ $? -ne 0 ] && exit 1 } function cleanup { if [ -d /tmp/cgroupv2/foo ]; then test_cgrp2_sock -d /tmp/cgroupv2/foo fi ip link del veth0b ip netns delete at_ns0 umount /tmp/cgroupv2 rm -rf /tmp/cgroupv2 } cleanup 2>/dev/null set -e; fail linuxcnc-2.9.2-alt4.20240203.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl: $ grep -A5 -B5 /tmp/ /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl #future: puts check:<$msg> #future: } #future: test ans here # hack follows: catch {set ans1 [eval exec $::ttt(exe) -? 2>/tmp/ttt.q]} catch {set ans2 [eval exec grep -c subdiv /tmp/ttt.q]} catch {file delete /tmp/ttt.q} if {[info exists ans2] && $ans2 == 1} { set ::ttt(msg) "::ttt::embedinit [_ "found truetype-tracer v4 -OK"]" return 1 } else { puts stderr "::ttt::embedinit:[_ "Note truetype-tracer v4 is required"]"; fail lua5.1-module-luasocket-3.0rc1-alt4_lr2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks-5.1/luasocket/3.0rc1-2/test/cgi/cat: $ grep /tmp/ /usr/lib/luarocks/rocks-5.1/luasocket/3.0rc1-2/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp; fail lua5.3-module-luasocket-3.0rc1-alt4_lr2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks-5.3/luasocket/3.0rc1-2/test/cgi/cat: $ grep /tmp/ /usr/lib/luarocks/rocks-5.3/luasocket/3.0rc1-2/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp; fail lz11-V2-1.2-alt1.qa2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/lz11.stopjobs: $ grep /tmp/ /usr/bin/lz11.stopjobs if [ "${pids}" ] ; then exit 0 fi echo "${pids}" > /tmp/lz11.terminate waitcounts=30 echo echo echo "removing all active printer jobs for " echo " etc usr with PIDS ${pids}" if [ ${nonefound} == 1 ] ; then i=${waitcounts} echo -n " STOPPED!" fi done rm -f /tmp/lz11.terminate echo if [ ${nonefound} = 0 ] ; then echo "The program could not stop the prints safely." echo "Just killing the print processes now!" echo Found error in /usr/bin/lz11.foomatic: $ grep -A5 -B5 /tmp/ /usr/bin/lz11.foomatic $debug = 1; local *ERR; if ($debug) { open(ERR,">>/tmp/lz11err"); print ERR "-----------\n"; print ERR "@ARGV\n"; } else { open(ERR, ">&STDERR"); } -- # ---------------------------------------------------------- # cZ11 command line # ---------------------------------------------------------- $cz11 = "cZ11-V2 $devicez11 $sizez11 $adjustz11"; if ( $cancel == 1 ) { $cz11 = "$cz11"." --terminate=/tmp/lz11.terminate"; } elsif ( $cancel ) { $cz11 = "$cz11"." --terminate-eject=/tmp/lz11.terminate"; } $cz11 = "$cz11"." 2>>/tmp/lz11err"; # ---------------------------------------------------------- # Do it! # ---------------------------------------------------------- $invokation = "$gs -q -dBATCH -dSAFER -dNOPAUSE $devicegs $ditherppi $resgs $sizegs -sOutputFile=- - | $cz11"; if ($debug) { print ERR "$invokation \n"; } system("$invokation"); system("chmod a+rw /tmp/lz11*"); close(ERR);; fail m2300w-0.51-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/m2300w-wrapper: $ grep /tmp/ /usr/bin/m2300w-wrapper # is heavy based on the Script from Rick's 'foo2zjs-wrapper' for the # Minolta Magiccolor 2300DL. # So i will leave his copyright on it. #********************************************************************* cat >> /tmp/m2300w.log <> /tmp/m2300w.log <>/tmp/m2300w.log) 3>&1 | tee /tmp/m2300w_gsout.pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee /tmp/m2300w.prn EOF $PREFILTER | ($GS $gsPaperCode $RES $GSDEV $GSOPT \ -sOutputFile="|cat 1>&3" $RENDERFILES - >>/tmp/m2300w.log) 3>&1 | tee_pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee_prn; fail make-initrd-colaboot-0.5-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot: $ grep /tmp/ /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot REPLACEMENT=$(echo $ROOT |sed 's|(.*)/.*|\1|') elif echo $MACRO_NAME |grep "^DHCP_"; then # for this macro type we need to make sure first that network is up [ "$NETWORK_IS_UP" ] && network_init >&2 DHCP_OPT_NAME=$(echo $MACRO_NAME |sed 's/^DHCP_//') REPLACEMENT=$(get_mnf_param $DHCP_OPT_NAME /tmp/lease-info |sed "s/'//g") fi STR=$(echo $STR |sed "s|{.*}|$REPLACEMENT|") fi echo $STR } done } network_init() { if [ -s /tmp/lease-info ]; then # It seems network is already up NETWORK_IS_UP=1 return fi -- fi sleep .1 done if ip -o -4 addr list |grep -Fqv "inet 127.0.0.1"; then verbose "Save lease info into /tmp/lease-info" for lease in /var/lib/dhcpcd/*.lease; do iface=$(basename $lease |sed -e 's/dhcpcd-//' -e 's/\.lease$//') dhcpcd -4 -U $iface > /tmp/lease-info done NETWORK_IS_UP=1 else error "No assigned IP found. Network problem?" fi -- FORCE_CACHE_IMAGES=${clb_force_cache_images:-1} WAIT_DELAY=${ROOTDELAY:-180} verbose "CoLaBoot: root url=${ROOT}, clb_fs_size=${clb_fs_size}, clb_force_cache_images=${FORCE_CACHE_IMAGES}" RDISK=/tmp/clb-ramdisk CACHED_IMAGES=$RDISK/cached-images IMAGES_MPOINTS=$RDISK/mount-points IMG_FS_PATH=/tmp/images-fs # this location can be overrided for local HDD, NFS or iSCSI RW_LAYER_PATH=$IMAGES_MPOINTS mkdir -p $RDISK -- for MPOINT in $IMG_FS_PATH/*; do grep -q " $MPOINT " /proc/mounts && umount -l $MPOINT done [ -n "$NETWORK_IS_UP" -o -s /tmp/lease-info ] && network_down } # =========< start here >============= prepare; fail ndiswrapper-1.61-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/ndiswrapper-buginfo: $ grep /tmp/ /usr/sbin/ndiswrapper-buginfo # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA LOGFILE=`mktemp /tmp/ndiswrapper.XXXXXX` KVERS=`uname log() { echo "$*" 2>&1 >> $LOGFILE log "kernel config missing" fi fi fi gzip -c $LOGFILE > /tmp/ndiswrapper-buginfo.gz echo "please attach /tmp/ndiswrapper-buginfo.gz to your bugreport!" \rm -f $LOGFILE; fail netdata-1.43.2-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/netdata/plugins.d/health-cmdapi-test.sh: $ grep /tmp/ /usr/lib/netdata/plugins.d/health-cmdapi-test.sh d['alarms']['system.cpu.10min_cpu_iowait']['silenced'], \ d['alarms']['system.load.load_trigger']['disabled'], \ d['alarms']['system.load.load_trigger']['silenced'], \ );" 2>&1) if [ $? 0 ] ; then echo " ${RED}ERROR: Unexpected response stored in /tmp/resp-$number.json" echo "$resp" > /tmp/resp-$number.json err=$((err+1)) iter=0 elif [ "${r}" != "${2}" ] ; then echo " ${GRAY}WARNING: 'Got ${r}'. Expected '${2}'" iter=$((iter+1)); fail newsboat-2.23-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/newsboat/contrib/getpocket.com/create-pocket-user-token.sh: $ grep /tmp/ /usr/share/doc/newsboat/contrib/getpocket.com/create-pocket-user-token.sh # shamelessy copy this from contrib/bookmark-pinboard TMP_TOKEN=`echo $output | sed 's/^.*\"code\":"$[^"]*$".*$/\1/'` # redirect user to pocket authentication page AUTH_URL="https://getpocket.com/auth/authorize?request_token=$TMP_TOKEN&redirect_uri=https://github.com/newsboat/newsboat/blob/c8c92a17fa0862fb7a648e88723eb48cb9cb582c/contrib/getpocket.com/after_authentication.md" echo $TMP_TOKEN> /tmp/pocket_token echo "please navigate to $AUTH_URL, active the access. Then press enter" xdg-open $AUTH_URL read dontcare output=`wget "consumer_key=$APPLICATION_CONSUMER_KEY&code=$TMP_TOKEN" https://getpocket.com/v3/oauth/authorize - 2>/dev/null` echo $output > /tmp/input output=`echo $output | sed 's/^.*access_token=$[^&"]*$.*$/\1/'` echo $output > ~/.pocket_access_token; fail ocsinventory-agent-2.8.1-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/ocsinventory-agent: $ grep /tmp/ /usr/bin/ocsinventory-agent =item B<--stdout> Print the inventory on stdout. % ocsinventory-agent > /tmp/report.xml # prepare an inventory and write it in the /tmp/report.xml file. # A file will be created. =item B<--scan-homedirs> Authorized OCS to scan home directories to increase the Virtual Machine inventory.; fail opennebula-server-6.2.0.1-alt4.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/qemu.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/one.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/one.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxd.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/lxc.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/kvm.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/firecracker.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/equinix.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/ec2.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE } Found error in /var/lib/one/remotes/im/az.d/monitord-client_control.sh: $ grep /tmp/ /var/lib/one/remotes/im/az.d/monitord-client_control.sh # Collectd client (Ruby) CLIENT=$DIR/${BASENAME}.rb # Collectd client PID CLIENT_PID_FILE=/tmp/one-monitord-$HID.pid # Launch the client function start_client() { rm $CLIENT_PID_FILE >/dev/null 2>&1 echo "$STDIN" | /usr/bin/env ruby $CLIENT $ARGV 2> /tmp/one-monitord-$HID.error & CLIENT_PID=$! sleep 1 if [ "$CLIENT_PID" ] || ! ps $CLIENT_PID > /dev/null; then cat /tmp/one-monitord-$HID.error exit 1 fi echo $CLIENT_PID > $CLIENT_PID_FILE }; fail otl-0.54-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/otlsub: $ grep /tmp/ /usr/bin/otlsub ################################### # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # write it to temp file unlink("/tmp/tmp.otl"); open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); # # $llength is length of linesout Found error in /usr/bin/otl: $ grep -A5 -B5 /tmp/ /usr/bin/otl #### # # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # -- write it to temp file open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); $lineslength=@linesout; if ($debug); fail perl-Tapper-Cmd-5.0.12-alt1_1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh: $ grep /tmp/ /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh start-tapper-daemon () { DAEMON=$1 if ps auxwww | grep grep | grep $DAEMON ; then kill $(ps auxwww | grep grep | grep $DAEMON | awk '{print $2}') fi $DAEMON > /tmp/$DAEMON-helloworld.log 2>&1 & } start-tapper-daemon tapper_reports_web_server.pl start-tapper-daemon tapper-reports-receiver start-tapper-daemon tapper-reports-api; fail phoronix-test-suite-10.8.0-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh: $ grep /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh #!/bin/bash set xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Total War WARHAMMER II" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tww2-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Thrones of Britannia" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tob-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}"; fail pptpd-1.4.0-alt3.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/pptpd-1.4.0/tools/vpnuser: $ grep /tmp/ /usr/share/doc/pptpd-1.4.0/tools/vpnuser exit 1 fi ;; del) if [ "$(echo $2)" != "" ]; then grep "$2" $config > /tmp/vpnblaat mv /tmp/vpnblaat $config chmod 600 $config else echo $ERROR exit 1 fi cat $config fi ;; domain) if [ "$(echo $2)" != "" ] & [ "$(echo $3)" != "" ]; then grep -vw "$2" $config > /tmp/vpnblaat DATA=`grep -w "$2" $config` mv /tmp/vpnblaat $config DOM=`echo $3 | tr a-z A-Z` dom=`echo $3 | tr A-Z a-z` echo "$DOM\\\\$DATA" >> $config echo "$dom\\\\$DATA" >> $config chmod 600 $config; fail rpm-build-vm-checkinstall-1.65-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/vm-run.ci/checkinstall: $ grep -A5 -B5 /tmp/ /usr/lib/vm-run.ci/checkinstall # Bringing up secondary CPUs" message. ls -l /dev/kvm set | grep ^LD_ # Simulate filetrigger run find /boot > /tmp/filelist /usr/lib/rpm/posttrans-filetriggers /tmp/filelist rm /tmp/filelist # Remove trigger so it does not re-create '/tmp/vm-ext4.img'. > /usr/lib/rpm/z-vm-createimage.filetrigger kvm-ok timeout 300 vm-run --heredoc <<-'EOF' uname -a -- ! timeout --preserve-status 300 vm-run "true; false; true" || exit 1 timeout 300 vm-run --mem=max free -g timeout 300 vm-run --mem=256 --cpu=max lscpu df -h /tmp timeout 300 vm-run --tmp=max df -h /tmp rm /tmp/vm-tmpfs.qcow2 timeout 300 vm-run --verbose --overlay=ext4 uname -a rmdir /mnt/0 rm /usr/src/ext4.0.img timeout 300 vm-run --rootfs --verbose df rm /tmp/vm-ext4.img timeout 300 vm-run --hvc --no-quiet 'dmesg -r | grep Unknown' timeout 300 vm-run --tcg --mem='' --cpu=1 cat /proc/cpuinfo # Clean up without '-f' ensures these files existed. rm /tmp/initramfs-*un-def-alt*.img # SCRIPT and exit code files form each vm-run invocation. Each SCRIPT file # should correspond to '.ret' file. find /tmp/vm.?????????? -maxdepth 0 | xargs -t -i -n1 rm {} {}.ret; fail rvm-devel-1.29.12-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/rvm/scripts/maglev: $ grep -A5 -B5 /tmp/ /usr/lib/rvm/scripts/maglev # put them in sysctl.conf so they are preserved. if [[ ! -f /etc/sysctl.conf ]] || (( $(__rvm_grep -sc "kern.*.shm" /etc/sysctl.conf) == 0 )) then case "$system" in Linux) echo "# kernel.shm* settings added by MagLev installation" > /tmp/sysctl.conf.$$ echo "kernel.shmmax=$(\command \cat /proc/sys/kernel/shmmax)" >> /tmp/sysctl.conf.$$ echo "kernel.shmall=$(\command \cat /proc/sys/kernel/shmall)" >> /tmp/sysctl.conf.$$ ;; Darwin) # On Mac OS X Leopard, you must have all five settings in sysctl.conf # before they will take effect. echo "# kern.sysv.shm* settings added by MagLev installation" > /tmp/sysctl.conf.$$ sysctl kern.sysv.shmmax kern.sysv.shmall kern.sysv.shmmin kern.sysv.shmmni \ kern.sysv.shmseg | \command \tr ":" "=" | \command \tr -d " " >> /tmp/sysctl.conf.$$ ;; SunOS) # Do nothing in SunOS since /etc/sysctl.conf is ignored on Solaris 10. # Must configure shared memory settings manually. ;; -- # Do nothing on SunOS since /etc/sysctl.conf is ignored on Solaris 10. if [[ "$system" != "SunOS" ]] then rvm_log "Adding the following section to /etc/sysctl.conf" \command \cat /tmp/sysctl.conf.$$ __rvm_try_sudo bash -c "\command \cat /tmp/sysctl.conf.$$ >> /etc/sysctl.conf" /bin/\command \rm -f /tmp/sysctl.conf.$$ fi else rvm_log "The following shared memory settings already exist in /etc/sysctl.conf" echo "To change them, remove the following lines from /etc/sysctl.conf and rerun this script" __rvm_grep "kern.*.shm" /etc/sysctl.conf; fail scanbuttond-0.2.3-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/scanbuttond/buttonpressed.sh: $ grep /tmp/ /etc/scanbuttond/buttonpressed.sh # $1 ... the button number # $2 ... the scanner's SANE device name, which comes in handy if there are two or # more scanners. In this case we can pass the device name to SANE programs # like scanimage. TMPFILE="/tmp/scan.tiff" LOCKFILE="/tmp/copy.lock" case $1 in 1) echo "button 1 has been pressed on $2" # echo "Error: Another scanning operation is currently in progress" # exit # fi # touch $LOCKFILE # rm -f $TMPFILE scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= gimp /tmp/image.pnm # tiff2ps -z -w 8.27 -h 11.69 $TMPFILE | lpr # rm -f $LOCKFILE # ;; 2) echo "button 2 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm lpr /tmp/image.pnm ;; 3) echo "button 3 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= evolution mailto:?attach=/tmp/image.pnm ;; 4) echo "button 4 has been pressed on $2" ;; esac; fail select-kernel-0.99.2-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/select-kernel: $ grep /tmp/ /usr/sbin/select-kernel message() { printf %s\\n "$PROG: $*" >&2 } debug() { echo "$@" >> /tmp/$PROG.dbg } show_help() { cat << EOF yes= numeric= RELEASE=. FLAVOUR=. CACHE=/tmp/$PROG.$$ trap "rm -f $CACHE" EXIT SIGHUP SIGINT SIGQUIT SIGTERM while [ -n "$1" ]; do if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then show_help; fail startup-rescue-0.49.1-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/rc.d/rc.sysinit.rescue: $ grep -A5 -B5 /tmp/ /etc/rc.d/rc.sysinit.rescue # Ensure plymouth is not running killall plymouthd >/dev/null 2>&1 remount_aufs() { [ -d "$1" ] || return 0 mkdir -p -- "/tmp/root$1" mount -n -t aufs -o dirs="/tmp/root$1=rw:$1=ro" "/tmp/root$1" "$1" } # Avoid double-aufs/overlayfs attempt if ! grep -qE "^overlay|/ aufs" /proc/mounts; then for mpoint in /etc /var /lib /bin /sbin /home /root /mnt; do -- action "Mounting efivars filesystem:" mount -t efivarfs none /sys/firmware/efi/efivars fi # run tmpfiles.d scripts if systemd_tmpfiles="$(find_util systemd-tmpfiles)"; then "$systemd_tmpfiles" --clean >/tmp/tmpfiles.log 2>&1 "$systemd_tmpfiles" --remove --create --boot --exclude-prefix=/dev >>/tmp/tmpfiles.log 2>&1 fi # Recover mdadm.conf if it's been changed above if [ -s "$MDCONF" ]; then sed -i 's,^DEVICE /dev/null,DEVICE partitions,' "$MDCONF"; fail systemd-tests-249.17-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/systemd/tests/testdata/units/testsuite-58.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/testsuite-58.sh fi export SYSTEMD_LOG_LEVEL=debug export PAGER=cat rm -f /var/tmp/testsuite-58.img /var/tmp/testsuite-58.2.img /tmp/testsuite-58.dump mkdir -p /tmp/testsuite-58-defs/ # First part: create a disk image and verify its in order cat >/tmp/testsuite-58-defs/esp.conf </tmp/testsuite-58-defs/usr.conf </tmp/testsuite-58-defs/root.conf </tmp/testsuite-58-defs/esp.conf </tmp/testsuite-58-defs/usr.conf </tmp/testsuite-58-defs/root.conf </testok exit 0 Found error in /usr/lib/systemd/tests/testdata/units/testsuite-57-short-lived.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/testsuite-57-short-lived.sh #!/usr/bin/env bash set -ex if [ -f /tmp/testsuite-57.counter ] ; then read -r counter < /tmp/testsuite-57.counter counter=$(("$counter" + 1)) else counter=0 fi echo "$counter" > /tmp/testsuite-57.counter if [ "$counter" -eq 5 ] ; then systemctl kill --kill-who=main -sUSR1 testsuite-57.service fi Found error in /usr/lib/systemd/tests/testdata/units/testsuite-54.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/testsuite-54.sh -p LoadCredential=shadow:/etc/shadow \ -p SetCredential=dog:wuff \ -p DynamicUser=1 \ --wait \ --pipe \ cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' >/tmp/ts54-concat ( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp /tmp/ts54-concat rm /tmp/ts54-concat # Verify that the creds are immutable systemd-run -p LoadCredential=passwd:/etc/passwd \ -p DynamicUser=1 \ --wait \ Found error in /usr/lib/systemd/tests/testdata/units/testsuite-46.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/testsuite-46.sh # filesystems, let's drop these fields before comparing the outputs to # avoid unexpected fails. To see the full outputs of both homectl & # userdbctl (for debugging purposes) drop the fields just before the # comparison. local USERNAME="${1:?missing argument}" homectl inspect "$USERNAME" | tee /tmp/a userdbctl user "$USERNAME" | tee /tmp/b diff -I '/^\s*Disk (Size|Free|Floor|Ceiling):/' /tmp/{a,b} rm /tmp/{a,b} } systemd-analyze log-level debug systemd-analyze log-target console Found error in /usr/lib/systemd/tests/testdata/units/testsuite-44.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/testsuite-44.sh systemd-analyze log-level debug systemd-run --wait -p LogNamespace=foobar echo "hello world" journalctl --namespace=foobar --sync journalctl -o cat --namespace=foobar >/tmp/hello-world journalctl -o cat >/tmp/no-hello-world grep "^hello world$" /tmp/hello-world grep "^hello world$" /tmp/no-hello-world && { echo 'unexpected success'; exit 1; } systemd-analyze log-level info echo OK >/testok Found error in /usr/lib/systemd/tests/testdata/units/testsuite-42.sh: $ grep -A5 -B5 /tmp/ /usr/lib/systemd/tests/testdata/units/testsuite-42.sh systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false' \ && { echo 'unexpected success'; exit 1; } test -f /run/exec2 cat >/tmp/forking1.sh </tmp/forking2.sh </tmp/notify1.sh </tmp/F/truncated echo "This should be truncated" >/tmp/F/truncated-with-content systemd-tmpfiles --create - </tmp/F/rw-fs/foo systemd-tmpfiles --create - </tmp/F/rw-fs/foo systemd-tmpfiles --create - < fails. systemd-tmpfiles --create - </tmp/test20-mainpid.sh </run/mainpidsh/pid EOF chmod +x /tmp/test20-mainpid.sh systemd-run --unit=test20-mainpidsh.service -p StandardOutput=tty -p StandardError=tty -p Type=forking -p RuntimeDirectory=mainpidsh -p PIDFile=/run/mainpidsh/pid /tmp/test20-mainpid.sh test "$(systemctl show -P MainPID test20-mainpidsh.service)" -eq "$(cat /run/mainpidsh/pid)" cat >/tmp/test20-mainpid2.sh </run/mainpidsh2/pid chown 1001:1001 /run/mainpidsh2/pid EOF chmod +x /tmp/test20-mainpid2.sh systemd-run --unit=test20-mainpidsh2.service -p StandardOutput=tty -p StandardError=tty -p Type=forking -p RuntimeDirectory=mainpidsh2 -p PIDFile=/run/mainpidsh2/pid /tmp/test20-mainpid2.sh test "$(systemctl show -P MainPID test20-mainpidsh2.service)" -eq "$(cat /run/mainpidsh2/pid)" cat >/dev/shm/test20-mainpid3.sh </tmp/bind systemd-nspawn "${SUSE_OPTS[@]}" --register=no -D "$_root" --bind=/tmp/bind /bin/sh -c 'test -e /tmp/bind' } function check_norbind { # https://github.com/systemd/systemd/issues/13170 local _root="/var/lib/machines/testsuite-13.norbind-path" rm -rf "$_root" mkdir -p /tmp/binddir/subdir echo -n "outer" >/tmp/binddir/subdir/file mount -t tmpfs tmpfs /tmp/binddir/subdir echo -n "inner" >/tmp/binddir/subdir/file /usr/lib/systemd/tests/testdata/create-busybox-container "$_root" systemd-nspawn "${SUSE_OPTS[@]}" --register=no -D "$_root" --bind=/tmp/binddir:/mnt:norbind /bin/sh -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; return 1; fi' } function check_notification_socket { # https://github.com/systemd/systemd/issues/4944 local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/host/notify' -- systemd-nspawn "${SUSE_OPTS[@]}" --register=no -D /testsuite-13.nc-container /bin/sh -x -c "$_cmd" systemd-nspawn "${SUSE_OPTS[@]}" --register=no -D /testsuite-13.nc-container -U /bin/sh -x -c "$_cmd" } function check_os_release { local _cmd='. /tmp/os-release if [ -n "${ID:+set}" ] && [ "${ID}" != "${container_host_id}" ]; then exit 1; fi if [ -n "${VERSION_ID:+set}" ] && [ "${VERSION_ID}" != "${container_host_version_id}" ]; then exit 1; fi if [ -n "${BUILD_ID:+set}" ] && [ "${BUILD_ID}" != "${container_host_build_id}" ]; then exit 1; fi if [ -n "${VARIANT_ID:+set}" ] && [ "${VARIANT_ID}" != "${container_host_variant_id}" ]; then exit 1; fi cd /tmp; (cd /run/host; md5sum os-release) | md5sum -c -- # Ensure that /etc always wins if available cp /usr/lib/os-release /etc echo MARKER=1 >>/etc/os-release fi systemd-nspawn "${SUSE_OPTS[@]}" --register=no -D /testsuite-13.nc-container --bind="${_os_release_source}":/tmp/os-release /bin/sh -x -e -c "$_cmd" if grep -q MARKER /etc/os-release; then rm /etc/os-release ln -s ../usr/lib/os-release /etc/os-release fi } function check_machinectl_bind { local _cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; sleep 0.5; done; exit 1;' cat >/run/systemd/system/nspawn_machinectl_bind.service </run/systemd/nspawn/testsuite-13.nc-container.nspawn <>/tmp/vm-profile.log; } ROOT_MIN=7 # In Gb VAR_MIN=1 # In Gb mem="$(sed -n '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB; fail xenomai-cobalt-3.1.2-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/xenomai/cobalt/testsuite/dohell: $ grep /tmp/ /usr/lib/xenomai/cobalt/testsuite/dohell else echo netcat or nc not found exit 1 fi seq 1 399999 > /tmp/netcat.data ( while :; do cat /tmp/netcat.data; sleep 15; done | $nc $server $port ) & pids="$!" fi if [ "$mntpoint" ]; then while :; do dd if=/dev/zero of=$mntpoint/bigfile bs=1024000 count=100; sync; done &; fail xfce4-genmon-plugin-4.2.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/twit: $ grep /tmp/ /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/twit # Default Font = (your choice) # ############################################## ### configurable parameters # debug mode (logged to /tmp/twit-log if set to 1) DEBUG=0 # location of t TWIT_CMD="/home/toz/.gem/ruby/2.4.0/bin/t" # # open twitter in browser window #CLICK_ACTION="xdg-open https://www.twitter.com" # display list of recent tweets in yad dialog CLICK_ACTION="yad --window-icon=$NOTIFICATION_ICON --title Recent\ Twitter\ Timeline --center --width=1200 --height=500 --text-info --show-uri --filename=/tmp/.twit-all-output" # compose a new tweet (untested) #TWEET=$(yad --title "Compose a new message..." --height=200 --width=300 --text-info --editable --wrap) #CLICK_ACTION="t update '$TWEET'" -- ############################################## # don't change anything below ############################################## # check to see if .lastid is valid and if not reset [[ $(cat /tmp/.lastid) =~ ^[0-9]+$ ]] || rm /tmp/.lastid # get last processed ID and timeline if [ -s /tmp/.lastid ] then LASTID=$(cat /tmp/.lastid) $TWIT_CMD timeline -lr -s $LASTID > /tmp/.twit else $TWIT_CMD timeline -lr > /tmp/.twit fi [ $DEBUG -eq 1 ] && echo "01 .lastid=$(cat /tmp/.lastid)" > /tmp/twit-log [ $DEBUG -eq 1 ] && echo "02 LASTID=$LASTID" >> /tmp/twit-log sleep 1 # save the last processed ID cat /tmp/.twit | tail -1 | awk '{print $1}' > /tmp/.lastid if [ ! -s /tmp/.lastid ] then echo $LASTID > /tmp/.lastid fi [ $DEBUG -eq 1 ] && echo "03 new.lastid=$(cat /tmp/.lastid)" >> /tmp/twit-log # get number of new tweets num_tweets=$(cat /tmp/.twit | wc -l) [ $DEBUG -eq 1 ] && echo "04 num_tweets=$num_tweets" >> /tmp/twit-log # get the contents of the new tweets mapfile -t ids < <(awk '{print $1}' /tmp/.twit) mapfile -t from < <(awk '{print $5}' /tmp/.twit) mapfile -t text < <(awk '{for(i=6;i<=NF;i++){printf "%s ", $i}; printf "\n"}' /tmp/.twit) toolstr=$(for (( i=0; i<$num_tweets; i++ )); do echo "${from[i]} >> ${text[i]}"; echo ""; done) [ $DEBUG -eq 1 ] && echo "05 toolstr=$toolstr" >> /tmp/twit-log ##### set default plugin icon file and notify of new tweets #set default icon file to no new emails ICON_FILE="$NOTWEETS" [ $DEBUG -eq 1 ] && echo "06 ICON_FILE=$ICON_FILE" >> /tmp/twit-log if [ $num_tweets -gt 0 ]; then [ $DEBUG -eq 1 ] && echo "07 num_tweets > 0" >> /tmp/twit-log # set icon file to new emails image ICON_FILE="$NEWTWEETS" [ $DEBUG -eq 1 ] && echo "08 ICON_FILE=$ICON_FILE" >> /tmp/twit-log for (( i=0; i<$num_tweets; i++ )) do [ $DEBUG -eq 1 ] && echo "09 sending notification" >> /tmp/twit-log notify-send -i "$NOTIFICATION_ICON" "$(echo ${from[i]} | sed -r 's/[&]+/&/g')" "$(echo ${text[i]} | sed -r 's/[&]+/&/g')" done fi # append current to the all file if [ -s /tmp/.twit-all ] then cat /tmp/.twit /tmp/.twit-all > /tmp/.twit-tmp && mv /tmp/.twit-tmp /tmp/.twit-all else cat /tmp/.twit > /tmp/.twit-tmp && mv /tmp/.twit-tmp /tmp/.twit-all fi # format the output cat /tmp/.twit-all | awk '{ printf("%s %- 16s", $4, $5); out=$6; for(i=7;i<=NF;i++){out=out" "$i}; print out}' > /tmp/.twit-all-output # get last checked time stamp last_checked=$(date) # prepare tooltip string (to show last NUM_TOOLTIP_TWEETS) if [ -s /tmp/.twit-all ] then mapfile -t from2 < <(awk '{print $5}' /tmp/.twit-all) mapfile -t text2 < <(awk '{for(i=6;i<=NF;i++){printf "%s ", $i}; printf "\n"}' /tmp/.twit-all) toolstr2=$(for (( i=$num_tweets; i<$NUM_TOOLTIP_TWEETS; i++ )); do if [ "${from2[i]}" != "" ]; then echo "${from2[i]} >> ${text2[i]}"; echo ""; fi; done) fi [ $DEBUG -eq 1 ] && echo "10 toolstr2=$toolstr2" >> /tmp/twit-log ##### do the genmon if [ $TOOLTIP_NEW_TWEETS_ONLY -eq 0 ] then if [ $num_tweets -gt 0 ] then [ $DEBUG -eq 1 ] && echo "11 genmon:num_tweets > 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION New tweets: -- $toolstr2 Last checked: $last_checked" else [ $DEBUG -eq 1 ] && echo "12 genmon:num_tweets = 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION Recent tweets: -- else if [ $num_tweets -gt 0 ] then [ $DEBUG -eq 1 ] && echo "11 genmon:num_tweets > 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION New tweets: $toolstr Last checked: $last_checked" else [ $DEBUG -eq 1 ] && echo "12 genmon:num_tweets = 0" >> /tmp/twit-log echo "$ICON_FILE $CLICK_ACTION No new tweets. -- fi fi [ $DEBUG -eq 1 ] && echo "13 $(date)" >> /tmp/twit-log # purge old tweets from list KEEPEPOCHLIMIT=$(( $(date +%s) - $KEEP_TIME )) while IFS= read -r line do if [[ $(date --date="$(echo "$line" | awk '{print $2" "$3" "$4}')" +%s) -gt $KEEPEPOCHLIMIT ]] then echo "$line" >> /tmp/.twit-all.new fi done < "/tmp/.twit-all" mv /tmp/.twit-all.new /tmp/.twit-all unset ids from text from2 text2 exit 0 Found error in /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/gmail: $ grep -A5 -B5 /tmp/ /usr/share/doc/xfce4-genmon-plugin-4.2.0/scripts/gmail ############################################## # don't change anything below ############################################## # get and save the atom feed curl -u "$USERNAME":"$PASSWORD" --silent "https://mail.google.com/mail/feed/atom" > /tmp/.gmail # get number of unread messages num_messages=$(grep -oP "(?<=)[^<]+" /tmp/.gmail) # get last checked time last_checked=$(grep -oP "(?<=)[^<]+" /tmp/.gmail | TZ=$TIMEZONE date +'%r') # get ids, senders and subjects mapfile -t ids < <(grep -oP "(?<=)[^<]+" /tmp/.gmail | awk -F":" '{print $3}') mapfile -t names < <(grep -oP "(?<=)[^<]+" /tmp/.gmail) mapfile -t subjects < <(grep -oP "(?<=)[^<]+" /tmp/.gmail | grep -v Gmail) # prepare tooltip string out=$(for (( i=0; i<$num_messages; i++ )); do echo "${names[i]} - ${subjects[i]}#"; done) toolstr="$(echo $out | sed -e 's/\# /\n/g' | sed -e 's/\#//g')" # check to see if there are new, new messages (only notify if something new has arrived) new_msgs=0 if [ $num_messages -gt 0 ]; then if [ -a /tmp/.gmail.lastid ]; then if [ "${ids[0]}" != "$(cat /tmp/.gmail.lastid)" ]; then echo ${ids[0]} > /tmp/.gmail.lastid let new_msgs=1 fi else echo ${ids[0]} > /tmp/.gmail.lastid let new_msgs=1 fi fi; info bash3-examples-3.2.57-alt5.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bash3-3.2.57/examples/scripts/bcsh.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/scripts/bcsh.sh ;; esac trap ':' 2 trap exit 3 trap "tail -n $savehist $histfile>/tmp/hist$$;uniq /tmp/hist$$ > $histfile;\ rm -f /tmp/*$$;exit 0" 15 getcmd=yes mailcheck= exclaim= echoit= -- while test "$line" != "end"; do echo $n "$PS2$c" read line cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ ed - /tmp/bcsh$$ << ++++ s/end/done/ s/foreach[ ]$.*$(/for \1 in / s/)// s/;/;do / w -- line=done ;; esac cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ ;; if[\ \ ]*) while test "$line" != "fi" && test "$line" != "endif" do echo $n "$PS2$c" -- line=fi ;; esac cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ case "`grep then /tmp/bcsh$$`" in "") # fix 'if foo bar' cases ed - /tmp/bcsh$$ << ++++ s/)/);then/ s/.*/;fi/ w ++++ ;; -- echo $n "$PS2$c" read line cmd="${cmd}@$line" done cmd="`echo \"$cmd\" | tr '@' ' '`" echo "$cmd" > /tmp/bcsh$$ ;; switch[\ \ ]*) while test "$line" != "endsw" do echo $n "$PS2$c" read line cmd="${cmd}@$line" done echo "$cmd" > /tmp/bcsh$$ ed - /tmp/bcsh$$ << '++++' 1,$s/@/\ /g g/switch.*(/s//case "/ s/)/" in/ 1,$s/case[ ]$.*$:$/;;\ -- g/breaksw/s/// 1,$s/default.*/;;\ *)/ w ++++ cmd="`cat /tmp/bcsh$$`" ;; *!*) hist=yes ;; esac -- echoit=yes getcmd=no continue ;; *~e) echo "$cmd" | sed -e "s@~e@@" > /tmp/bcsh$$ $EDITOR /tmp/bcsh$$ cmd="`cat /tmp/bcsh$$`" getcmd=no continue ;; *~v) echo "$cmd" | sed -e "s@~v@@" > /tmp/bcsh$$ echo "$lastcmd" > /tmp/bcsh$$ $VISUAL /tmp/bcsh$$ cmd="`cat /tmp/bcsh$$`" getcmd=no continue ;; exec[\ \ ]*) tail -n $savehist $histfile>/tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ ;; login[\ \ ]*|newgrp[\ \ ]*) tail -n $savehist $histfile>/tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ ;; logout|exit|bye) if test -s "$logoutfile" then # sh $logoutfile $SHELL $logoutfile fi tail -n $savehist $histfile > /tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ exit 0 ;; h|history) grep -n . $histfile | tail -n $history | sed -e 's@:@ @' | $PAGER continue -- continue ;; source[\ \ ]*) set - $cmd shift echo . $* > /tmp/cmd$$ . /tmp/cmd$$ run=no ;; wait) wait run=no ;; .[\ \ ]*) echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ run=no ;; cd|cd[\ \ ]*) # check if it will work first, or else this shell will terminate # if the cd dies. If you have a built-in test, you might want # to replace the try-it-and-see below with a couple of tests, # but it is probably just as fast like this. echo $cmd > /tmp/cmd$$ if ($SHELL /tmp/cmd$$) ; then . /tmp/cmd$$ fi run=no ;; awk[\ \ ]*|dd[\ \ ]*|cc[\ \ ]*|make[\ \ ]*) # these are the only commands I can think of whose syntax # includes an equals sign. Add others as you find them. echo "$cmd" > /tmp/bcsh$$ ;; setenv*|*=*) # handle setting shell variables, turning cshell syntax to Bourne # syntax -- note all variables must be exported or they will not # be usable in other commands echo "$cmd" > /tmp/cmd$$ ed - /tmp/cmd$$ << ++++ g/^setenv[ ]/s/[ ]/@/ g/^setenv@/s/[ ]/=/ g/^setenv@/s/// g/^set/s/// .t. \$s/=.*// s/^/export / w ++++ . /tmp/cmd$$ rm -f /tmp/cmd$$ run=no ;; unset[\ \ ]*|umask[\ \ ]*|export[\ \ ]*|set[\ \ ]*) # handle commands which twiddle current environment -- continue ;; esac ;; *) echo "$cmd" > /tmp/bcsh$$ ;; esac ;; no) echo "$cmd" > /tmp/bcsh$$ ;; esac ;; esac -- ;; *) case "$exclaim" in yes) cmd="`echo \"$cmd\" | sed -e 's@REALEXCLAMATIONMARK@!@g'`" echo "$cmd" > /tmp/bcsh$$ ;; esac case "$echoit" in yes) echo $cmd -- yes) case "${noclobber+yes}" in yes) case "$cmd" in *\>![\ \ ]*) ed - /tmp/bcsh$$ << ++++ g/>!/s//>/ w ++++ ;; *\>\>*) -- read answer case "$answer" in y*) ;; *) echo ':' > /tmp/bcsh$$ ;; esac ;; *) echo "${outfile}: file exists" echo ':' > /tmp/bcsh$$ ;; esac fi ;; esac -- esac ;; *) case "$cmd" in *\>![\ \ ]*) ed - /tmp/bcsh$$ << ++++ g/>!/s//>/g w ++++ ;; esac ;; esac (trap 'exit 1' 2 3; $BASH /tmp/bcsh$$) ;; esac case "$cmd" in $lastcmd) ;; Found error in /usr/share/doc/bash3-3.2.57/examples/misc/cshtobash: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/cshtobash # zsh-3.0. # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.? cshout cshin' 0 1 2 3 6 15 T=$'\t' SOURCE="${1:+source $1}" cat << EOF >cshin $SOURCE alias >! /tmp/cb$$.a setenv >! /tmp/cb$$.e set >! /tmp/cb$$.v EOF # give csh a minimal environment, similar to what login would provide /usr/bin/env - USER=$USER HOME=$HOME PATH=/usr/bin:/bin:/usr/ucb:. TERM=$TERM SHELL=$SHELL /bin/csh -i < ./cshin > cshout 2>&1 # First convert aliases cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- *) echo alias ${1}=\'$(echo "${2}" | sed "s:':'\\\\'':")\' ;; esac } EOF sed "s/^$[a-zA-Z0-9_]*$$T$.*$$/mkalias \1 '\2'/" < /tmp/cb$$.a >>/tmp/cb$$.1 echo '# csh aliases' echo $BASH /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g' -- # Would be nice to deal with embedded newlines, e.g. in TERMCAP, but ... sed -e '/^SHLVL/d' \ -e '/^PWD/d' \ -e "s/'/'"\\\\"''"/g \ -e "s/^$[A-Za-z0-9_]*=$/export \1'/" \ -e "s/$/'/" < /tmp/cb$$.e # Finally, convert local variables echo echo '# csh variables' echo -- sed -e 's/'"$T"'/=/' \ -e "s/'/'"\\\\"''"/g \ -e '/^[A-Za-z0-9_]*=[^(]/{ s/=/='"'/"' s/$/'"'/"' }' < /tmp/cb$$.v | sed -e '/^argv=/d' -e '/^cwd=/d' -e '/^filec=/d' -e '/^status=/d' \ -e '/^verbose=/d' \ -e '/^term=/d' \ -e '/^home=/d' \ -e '/^path=/d' \ -- # now some special csh variables converted to bash equivalents echo echo '# special csh variables converted to bash equivalents' echo sed -e 's/'"$T"'/=/' < /tmp/cb$$.v | grep "^cdpath=" | sed 's/(// s/ /:/g s/)// s/cdpath=/CDPATH=/' sed -e 's/'"$T"'/=/' < /tmp/cb$$.v | grep "^mail=" | sed 's/(// s/ /:/g s/)// s/mail=/MAILPATH=/' | Found error in /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.sh # usage: aliasconv.sh # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.?' 0 1 2 3 6 15 T=' ' cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- # the first thing we want to do is to protect single quotes in the alias, # since they whole thing is going to be surrounded by single quotes when # passed to mkalias sed -e "s:':\\'\\\'\\':" -e "s/^$[a-zA-Z0-9_-]*$$T$.*$$/mkalias \1 '\2'/" >>/tmp/cb$$.1 sh /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g' Found error in /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.bash: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.bash # usage: aliasconv.bash # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.?' 0 1 2 3 6 15 T=$'\t' cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- # the first thing we want to do is to protect single quotes in the alias, # since they whole thing is going to be surrounded by single quotes when # passed to mkalias sed -e "s:':\\'\\\'\\':" -e "s/^$[a-zA-Z0-9_-]*$$T$.*$$/mkalias \1 '\2'/" >>/tmp/cb$$.1 $BASH /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g'; info menu-2.1.41-alt22.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/menu-2.1.41/examples/cat: $ grep /tmp/ /usr/share/doc/menu-2.1.41/examples/cat #!/bin/sh cat > /tmp/menu-stdin exit 0 #In the good old days of menu-0 compatibility, one had to use: # #This file can be very usefull when you want to run one particular # #menu-method file several times, without running any of the others. # #In order to do so, do: # # - cp ./cat /etc/menu-methods/ # # - run update-menus so that the "cat" menu-method gets executed. # # Now you've got /tmp/menu-stdin. # # - With this file, you don't need update-menus at all any more, and you # # can symply run your hand-written "menu-test" menu-method by typing: # # ./menu-test < /tmp/menu-stdin # # # # The advantage of doing this is # # - none of the other menu-method files get excecuted (speedup) # # - update-menus doesn't need to open some hundred menu-entry files # # every time you test a change in your menu-method file. # # (speedup) # compat="menu-1" # command="cat > /tmp/menu-stdin"; info python3-module-dialog-3.4.0-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \ Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py: $ grep /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \;