golang-misc-1.15.15-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/golang/misc/arm/a: $ grep -A5 -B5 /tmp/ /usr/lib/golang/misc/arm/a fi } # adb does not correctly return the exit value of the executed program. use this # wrapper to manually extract the exit value rloc=/data/local/tmp/retval rsize=$(adb shell "ls -l $rloc"|tr -s ' '|cut -d' ' -f4) rcheck=38 if [ "$rsize" != "$rcheck" ]; then # echo "debug: retval size incorrect want $rcheck, got $rsize. uploading" echo >/tmp/adb.retval '#!/system/bin/sh "$@" echo RETVAL: $?' adb push /tmp/adb.retval $rloc >/dev/null 2>&1 adb shell chmod 755 $rloc fi # run the main binary if [ "-g" == "$1" ]; then adb forward tcp:$2 tcp:$2 args=$(echo $*| cut -d' ' -f4-) adb push $3 /data/local/tmp/$3 >/dev/null 2>&1 adb shell "$(exp GOARCH) $(exp GOTRACEBACK) $(exp GOGC) \ gdbserver :$2 /data/local/tmp/retval /data/local/tmp/$3 $args" \ 2>&1|tr -d '\r' |tee /tmp/adb.out|grep -v RETVAL else if [ "$*" != "$1" ]; then args=$(echo $*| cut -d' ' -f2-) fi adb push $1 /data/local/tmp/$1 >/dev/null 2>&1 adb shell "$(exp GOARCH) $(exp GOTRACEBACK) $(exp GOGC) \ /data/local/tmp/retval /data/local/tmp/$1 $args" \ 2>&1|tr -d '\r' |tee /tmp/adb.out|grep -v RETVAL fi exit $(grep RETVAL /tmp/adb.out|tr -d '\n\r'| cut -d' ' -f2);