xfstests-2023.05.28-alt1.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/xfstests/tests/generic/722: $ grep -A5 -B5 /tmp/ /usr/lib/xfstests/tests/generic/722 old_a=$(md5sum $SCRATCH_MNT/a | awk '{print $1}') old_b=$(md5sum $SCRATCH_MNT/b | awk '{print $1}') echo "md5 a: $old_a md5 b: $old_b" >> $seqres.full od -tx1 -Ad -c $SCRATCH_MNT/a > /tmp/a0 od -tx1 -Ad -c $SCRATCH_MNT/b > /tmp/b0 echo swap >> $seqres.full $XFS_IO_PROG -c "swapext -v vfs -a -e -f -u $SCRATCH_MNT/a" $SCRATCH_MNT/b _scratch_shutdown _scratch_cycle_mount -- echo "md5 a: $new_a md5 b: $new_b" >> $seqres.full test $old_a = $new_b || echo "scratch file B doesn't match old file A" test $old_b = $new_a || echo "scratch file A doesn't match old file B" od -tx1 -Ad -c $SCRATCH_MNT/a > /tmp/a1 od -tx1 -Ad -c $SCRATCH_MNT/b > /tmp/b1 # success, all done echo Silence is golden status=0 exit Found error in /usr/lib/xfstests/tests/btrfs/005: $ grep -A5 -B5 /tmp/ /usr/lib/xfstests/tests/btrfs/005 for i in `seq $cnt -1 0`; do dd if=/dev/zero of=$tmpfile bs=4k count=1 \ conv=notrunc seek=$i oflag=sync &>/dev/null done # get md5sum md5sum $tmpfile > /tmp/checksum } _btrfs_online_defrag() { str="" -- fi } _checksum() { md5sum -c /tmp/checksum > /dev/null 2>&1 if [ $? -ne 0 ]; then echo "md5 checksum failed!" fi };