fail CanFestival-3-source-2015.08.03-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/src/CanFestival-3/configure: $ grep -A5 -B5 /tmp/ /usr/src/CanFestival-3/configure ########################################################################### if [ "$SUB_WX" = "" ]; then if which wx-config >/dev/null 2>&1; then echo -n "Testing wxWidgets compiles ... " cat > /tmp/wx_test.cpp </dev/null 2>&1 ; then SUB_WX=1 echo "Yes" else SUB_WX=0 echo "No" fi rm -f /tmp/wx_test* else SUB_WX=0 echo "No wxWidgets available" fi fi; fail GMT-5.4.5-alt1_1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/gmt_shell_functions.sh: $ grep -A5 -B5 /tmp/ /usr/bin/gmt_shell_functions.sh cat <<- EOF > doc.kml EOF ls kml/*.kml > /tmp/$$.lis while read file; do cat <<- EOF >> doc.kml $file $file EOF done < /tmp/$$.lis cat <<- EOF >> doc.kml EOF zip -rq9 $name.kmz doc.kml kml if [ $remove -eq 0 ]; then mv -f kml/* .. fi rm -rf kml doc.kml /tmp/$$.lis } # For animations: Build animated gif from stills gmt_build_gif() { if [ $# -eq 0 ]; then -- usage: gmt_launch_jobs [-c ] [-l ] [-n] [-v] [-w] is a file with a list of all the commands -c Specify how many separate cores to use [$n_cpu] -l Specify how many lines constitute one job cluster [1] -n Dry-run. Do not launch jobs but leave core scripts as /tmp/gmt_launch_jobs.##.sh -r Remove core scripts when the jobs complete -v Verbose. Give progress messages -w Wait for completion of all core jobs before exiting EOF return -- *) echo "gmt_launch_jobs: No such option ($1)" >&2 ;; esac shift done egrep -v '^#|^$' $1 > /tmp/$$.sh nL=`wc -l /tmp/$$.sh | awk '{printf "%d\n", $1}'` n_chunks=`gmt math -Q $nL $n_lines DIV =` bad=`gmt math -Q $n_chunks DUP RINT SUB ABS 1e-10 GT =` if [ $bad -eq 1 ]; then echo "gmt_launch_jobs: Your number of commands is not a multiple of $n_lines" >&2 exit 1 -- tag="."$$ fi # Create n_cpu empty files for execution let cpu=0 while [ $cpu -lt $n_cpu ]; do printf "#!/bin/bash\n# gmt_launch_jobs command file chunk # ${cpu}\n#---------------------------------\n" > /tmp/gmt_launch_jobs${tag}.$cpu.sh let cpu=cpu+1 done # Distribute $n_lines from the commands across these core scripts let chunk=0; let cpu=0; let sub=n_lines-1; let last=0 while [ $chunk -lt $n_chunks ]; do let last=last+n_lines let first=last-sub sed -n ${first},${last}p /tmp/$$.sh >> /tmp/gmt_launch_jobs${tag}.$cpu.sh let cpu=cpu+1 if [ $cpu -eq $n_cpu ]; then let cpu=0 fi let chunk=chunk+1 done # Launch the $n_cpu scripts let cpu=0 while [ $cpu -lt $n_cpu ]; do if [ $blabber -eq 1 ]; then echo "gmt_launch_jobs: Starting /tmp/gmt_launch_jobs${tag}.$cpu.sh" >&2 fi if [ $do_remove -eq 1 ]; then echo "rm -f /tmp/gmt_launch_jobs${tag}.$cpu.sh" >> /tmp/gmt_launch_jobs${tag}.$cpu.sh fi if [ $dryrun -eq 0 ]; then bash /tmp/gmt_launch_jobs${tag}.$cpu.sh & fi let cpu=cpu+1 done rm -f /tmp/$$.sh if [ $do_wait -eq 1 ] && [ $dryrun -eq 0 ]; then wait # Wait until all jobs launched by this script have completed if [ $blabber -eq 1 ]; then echo "gmt_launch_jobs: All $n_cpu jobs completed" >&2 fi; fail GMT-common-5.4.5-alt1_1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/gmt/tools/gmt_prepmex.sh: $ grep -A5 -B5 /tmp/ /usr/share/gmt/tools/gmt_prepmex.sh # First get a reliable absolute path to the bundle's top directory pushd `dirname $0` > /dev/null BUNDLEDIR=`pwd | sed -e sB/Contents/Resources/share/toolsBBg` popd > /dev/null # Set path to the new gmt installation MEXGM5TDIR=/tmp/$$/gmt # Set path to additional subdirectories MEXLIBDIR=$MEXGM5TDIR/lib MEXINCDIR=$MEXGM5TDIR/include MEXSHADIR=$MEXGM5TDIR/share MEXBINDIR=$MEXGM5TDIR/bin -- cp -r etc usr $MEXBINDIR # Now copy the lib files printf "gmt_prepmex.sh: Copy and rename libraries\n" >&2 cd $BUNDLEDIR/Contents/Resources/lib # Find a list of all libs shipped with the OSX bundle, except our own: ls *.dylib | egrep -v 'libgmt.dylib|libpostscriptlight.dylib' > /tmp/l.lis # For each, duplicate into /opt/gmt but add a leading X to each name while read lib; do new=`echo $lib | awk '{printf "libX%s\n", substr($1,4)}'` cp $lib $MEXLIBDIR/$new done < /tmp/l.lis # Copy the supplement shared plugin cp gmt/plugins/supplements.so $MEXLIBDIR/gmt/plugins cd $MEXLIBDIR ls *.dylib > /tmp/l.lis printf "gmt_prepmex.sh: Rebaptize libraries\n" >&2 # For all libs in $MEXLIBDIR, change internal references to contain the leading "X" while read lib; do otool -L $lib | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=`echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}'` if [ $k -eq 1 ]; then # Do the id change was=`echo $lib | awk -F/ '{print substr($1,4)}'` install_name_tool -id /opt/gmt/lib/$new $lib else install_name_tool -change $old /opt/gmt/lib/$new $lib fi let k=k+1 done < /tmp/t.lis done < /tmp/l.lis # Set links to the new libs ln -s libXgmt.dylib libgmt.dylib ln -s libXpostscriptlight.dylib libpostscriptlight.dylib ln -s libXgmt.5.dylib libXgmt.dylib ln -s libXpostscriptlight.5.dylib libXpostscriptlight.dylib -- fi fi # Do plugin supplement separately since not called lib* cd gmt/plugins otool -L supplements.so | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=`echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}'` install_name_tool -change $old /opt/gmt/lib/$new supplements.so let k=k+1 done < /tmp/t.lis # Do bin dir cd $MEXBINDIR otool -L gmt | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=`echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}'` install_name_tool -change $old /opt/gmt/lib/$new gmt let k=k+1 done < /tmp/t.lis chmod -R ugo+r $MEXGM5TDIR printf "gmt_prepmex.sh: Install /opt/gmt\n" >&2 sudo cp -fpR $MEXGM5TDIR /opt rm -rf /tmp/$$ cd $here version=`/opt/gmt/bin/gmt-config --version` # Report cat << EOF >&2 gmt_prepmex.sh: Made updated GMT $version installation in /opt/gmt Found error in /usr/share/gmt/tools/gmt_make_custom_code.sh: $ grep -A5 -B5 /tmp/ /usr/share/gmt/tools/gmt_make_custom_code.sh # Make sure we get both upper- and lower-case versions of the tag U_TAG=`echo $LIB | tr '[a-z]' '[A-Z]'` L_TAG=`echo $LIB | tr '[A-Z]' '[a-z]'` # Look in current dir grep "#define THIS_MODULE_LIB" *.c | awk -F: '{print $1}' | sort > /tmp/tmp.lis rm -f /tmp/NAME.lis /tmp/LIB.lis /tmp/PURPOSE.lis /tmp/KEYS.lis /tmp/all.lis while read program; do grep "#define THIS_MODULE_NAME" $program | awk '{print $3}' | sed -e 's/"//g' >> /tmp/NAME.lis grep "#define THIS_MODULE_LIB" $program | awk '{print $3}' | sed -e 's/"//g' >> /tmp/LIB.lis grep "#define THIS_MODULE_PURPOSE" $program | sed -e 's/#define THIS_MODULE_PURPOSE//g' | awk '{print $0}' >> /tmp/PURPOSE.lis grep "#define THIS_MODULE_KEYS" $program | sed -e 's/#define THIS_MODULE_KEYS//g' | awk '{print $0}' >> /tmp/KEYS.lis done < /tmp/tmp.lis # Prepend group+name so we can get a list sorted on group name then individual programs paste /tmp/LIB.lis /tmp/NAME.lis | awk '{printf "%s%s|%s\n", $1, $2, $2}' > /tmp/SORT.txt paste /tmp/SORT.txt /tmp/LIB.lis /tmp/PURPOSE.lis /tmp/KEYS.lis | sort -k1 > /tmp/SORTED.txt awk -F"|" '{print $2}' /tmp/SORTED.txt > /tmp/$LIB.txt rm -f /tmp/tmp.lis /tmp/NAME.lis /tmp/LIB.lis /tmp/PURPOSE.lis /tmp/KEYS.lis /tmp/SORTED.txt /tmp/SORT.txt # Extract the extension purpose string from CMakeLists.txt LIB_STRING=`grep LIB_STRING CMakeLists.txt | awk -F= '{print $NF}'` # The output file produced -- /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Declaration modifiers for DLL support (MSC et al) etc/ usr/ #include "declspec.h" /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Prototypes of all modules in the GMT ${L_TAG} library etc/ usr/ EOF gawk '{printf "EXTERN_MSC int GMT_%s (void *API, int mode, void *args);\n", $1;}' /tmp/$LIB.txt >> ${FILE_CUSTOM_MODULE_H} cat << EOF >> ${FILE_CUSTOM_MODULE_H} /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var Pretty print all modules in the GMT ${L_TAG} library and their purposes etc/ usr/ EXTERN_MSC void gmt_${L_TAG}_module_show_all (void *API); /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var List all modules in the GMT ${L_TAG} library to stdout etc/ usr/ -- gawk ' BEGIN { FS = "\t"; } { printf "\t{\"%s\", \"%s\", %s, %s},\n", $1, $2, $4, $6; }' /tmp/$LIB.txt >> ${FILE_CUSTOM_MODULE_C} cat << EOF >> ${FILE_CUSTOM_MODULE_C} {NULL, NULL, NULL, NULL} /ALT /bin /boot /dev /etc /home /lib /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /selinux /srv /sys /tmp /usr /var last element == NULL detects end of array etc/ usr/ }; EOF; fail GMT-doc-5.4.5-alt1_1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/gmt/supplements/misc/dim.template.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/gmt/supplements/misc/dim.template.sh if [ ! -f $ors ]; then mkdir -p $orsout gmt grdcut $bathy $box -G/tmp/$$.t.nc # the area of interest # A.1. Set filter parameters for an equidistant set of filters: minW= # Minimum filter width candidate for ORS (e.g., 60) in km maxW= # Maximum filter width candidate for ORS (e.g., 600) in km intW= # Filter width step (e.g., 20) in km -- STEP=`gmt gmtmath -T$minW/$maxW/$intW -N1/0 =` for width in $STEP do echo "W = $width km" gmt dimfilter $bathy $box -G/tmp/$$.dim.nc -F${dim_filter}${width} -D${dim_dist} -N${dim_quantity}${dim_sectors} # DiM filter gmt grdfilter /tmp/$$.dim.nc -G$orsout/dim.${width}.nc -F${dim_smooth_type}${dim_smooth_width} -D${dim_dist} # smoothing gmt grdmath /tmp/$$.t.nc $orsout/dim.${width}.nc SUB = /tmp/$$.sd.nc # residual from DiM gmt grdvolume /tmp/$$.sd.nc -Sk -C$level -Vl | awk '{print r,$2,$3,$4}' r=${width} >> $ors # ORS from DiM done fi # B) Compute DiM-based regional -- let n_widths=0 for i in $width do if [ ! -f $orsout/dim.${i}.nc ]; then echo "filtering W = ${i} km" gmt dimfilter $bathy $box -G/tmp/$$.dim.nc -F${dim_filter}${i} -D${dim_dist} -N${dim_quantity}${dim_sectors} # DiM filter gmt grdfilter /tmp/$$.dim.nc -G$orsout/dim.${i}.nc -F${dim_smooth_type}${dim_smooth_width} -D${dim_dist} # smoothing fi if [ ! -f $alldepth ]; then gmt grd2xyz -Z $orsout/dim.${i}.nc > /tmp/$$.${i}.depth fi let n_widths=n_widths+1 done if [ ! -f $alldepth ]; then paste /tmp/$$.*.depth > /tmp/$$.t.depth # the number of columns can be different for each case awk '{print $1," ",$2," ",$3," ",$4," ",$5," ",$6," ",$7," ",$8," ",$9}' /tmp/$$.t.depth > $alldepth awk '{for (k = 1; k <= '"$n_widths"', k++) print $1," ",$2," ",$3," ",$4," ",$5," ",$6," ",$7," ",$8," ",$9}' /tmp/$$.t.depth > $alldepth gmt grd2xyz $bathy $box -V > $bathy.xyz fi gmt dimfilter $alldepth -Q${n_widths} > /tmp/$$.out wc -l /tmp/$$.out $bathy.xyz paste $bathy.xyz /tmp/$$.out | awk '{print $1,$2,$4}' > /tmp/$$.dim.xyz paste $bathy.xyz /tmp/$$.out | awk '{print $1,$2,$5}' > /tmp/$$.err.xyz gmt xyz2grd /tmp/$$.dim.xyz -G$dim -I1m $box -V -r gmt xyz2grd /tmp/$$.err.xyz -G$err -I1m $box -V -r fi; fail alterator-mass-management-0.1.7-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/mass-management: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/mass-management mkdir -p "$TASKS_DIR/task-$number" cat >"$TASKS_DIR/task-$number.yml" <> /tmp/mode.log echo "$(set|grep -a "in_")" >> /tmp/mode.log case "$in_action" in type) write_type_item hostlist hostname-list #write_type_item add_host hostname ;;; fail alterator-net-domain-0.7.1-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/net-domain: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/net-domain ## https://www.altlinux.org/ActiveDirectory/DC ad_provision_domain() { local domain_name="$1" shift local log="/tmp/samba-dc-provision-$(date +%d.%m.%Y-%H:%M:%S)-$domain_name.log" # Begin log date > "$log" echo "Domain: $domain_name" >> "$log" echo >> "$log" -- if [ "$in_domain_type" = 'ad' ]; then if ipa_install_running; then ipa_install_stop fi env > /tmp/net-domain.txt ad_current_domain="$($samba_tool domain info '127.0.0.1' | sed 's/ *: /:/' | sed -n 's/^Domain://p')" # Check creation of existing domain if [ "$ad_current_domain" != "$in_domain" ]; then write_domain "$in_domain" "1"; fail alterator-netinst-1.9.1-alt4.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/netinst: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/netinst elif [ -n "$in_add" ]; then [ "$in_get_from" = "url" ] && run_localized alterator-netinst -A "$in_add_url" || run_localized alterator-netinst -A "cdrom:" else set >> /tmp/log if [ -n "$in_vnc" ]; then if [ "$in_vnc" = '#t' ] ; then vnc= headless= [ "$in_headless" = '#t' ] && headless='headless'; fail alterator-pkg-2.7.6-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/pkg-size: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/pkg-size echo "pkg-size:start" local tmpfile="$(make_manifest $in_lists)" if [ -s "$tmpfile" ]; then stderr_handler & echo "n"|apt-get --simple-output install --manifest "$tmpfile" 2>> /tmp/install2.log || rc=$? else echo "apt-get:status:disk-size:0k" fi rm -f "$tmpfile" echo "pkg-size:finish:$rc" Found error in /usr/lib/alterator/backend3/pkg-install: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/pkg-install write) [ -z "$AUTOINSTALL" ] || in_auto='#t' case "$in__objects" in /) if test_bool "$in_auto"; then make_apt < /dev/null &> /tmp/pkg-install.log else start_pipe &> /tmp/pkg-install.log fi ;; notify) write_pipe "$in_message" ;;; fail asterisk-15.6.1-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/asterisk/scripts/ast_loggrabber: $ grep -A5 -B5 /tmp/ /usr/share/asterisk/scripts/ast_loggrabber # Timestamp to use for output files df=${tarball_uniqueid:-$(${DATEFORMAT})} # Extract the Python timestamp conver script from the end of this # script and save it to /tmp/.ast_tsconvert.py ss=`egrep -n "^#@@@SCRIPTSTART@@@" $0 |cut -f1 -d:` tail -n +${ss} $0 >/tmp/.ast_tsconvert.py tmpdir=$(mktemp -d) if [ -z "$tmpdir" ] ; then echo "${prog}: Unable to create temporary directory." exit 1 -- destdir="$tmpdir/$tardir/$(dirname $lf)" destfile="$tmpdir/$tardir/$lf" mkdir -p "$destdir" 2>/dev/null || : if [ -n "$LOG_DATEFORMAT" ] ; then echo "Converting $lf" cat "$lf" | python /tmp/.ast_tsconvert.py --format="$LOG_DATEFORMAT" --timezone="$LOG_TIMEZONE" > "${destfile}" else echo "Copying $lf" cp "$lf" "${destfile}" fi done echo "Creating /tmp/$tardir.tar.gz" tar -czvf /tmp/$tardir.tar.gz -C $tmpdir $tardir 2>/dev/null exit # Be careful editng the inline scripts. # They're space-indented.; fail bacula11-director-common-11.0.5-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula11-director-common-11.0.5/updatedb/update_mysql_tables_11_to_12: $ grep -A5 -B5 /tmp/ /usr/share/doc/bacula11-director-common-11.0.5/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* -D ${db_name} -e "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula11-director-mysql-11.0.5-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep -A5 -B5 /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS -D ${db_name} -e "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail bacula9-director-common-9.6.7-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bacula9-director-common-9.6.7/updatedb/update_mysql_tables_11_to_12: $ grep -A5 -B5 /tmp/ /usr/share/doc/bacula9-director-common-9.6.7/updatedb/update_mysql_tables_11_to_12 echo " " bindir=/usr/bin PATH="$bindir:$PATH" db_name=${db_name:-bacula} mysql $* -D ${db_name} -e "select VersionId from Version\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` if [ $DBVERSION != 11 ] ; then echo " " echo "The existing database is version $DBVERSION !!" echo "This script can only update an existing version 11 database to version 12." echo "Error. Cannot upgrade this database."; fail bacula9-director-mysql-9.6.7-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/bacula/scripts/update_mysql_tables: $ grep -A5 -B5 /tmp/ /usr/share/bacula/scripts/update_mysql_tables ARGS=$* getVersion() { mysql $ARGS -D ${db_name} -e "select VersionId from Version LIMIT 1\G" >/tmp/$$ DBVERSION=`sed -n -e 's/^VersionId: $.*$$/\1/p' /tmp/$$` } getVersion if [ "x$DBVERSION" = x ]; then; fail digitemp-utils-3.6.0-alt1.2.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/digitemp/rrdb/log-temperature.pl: $ grep -A5 -B5 /tmp/ /usr/share/digitemp/rrdb/log-temperature.pl } else { die "Could not find rrdtool binary\n"; } # The RRD database to put the data into $wx_rrd = "/tmp/digitemp.rrd"; # Read the output from digitemp # Output in form 0\troom\tattic\tdrink open( DIGITEMP, "digitemp -a -q -o2 |" ); -- chomp; if( $_ =~ /^nanosleep/i ) { $now = localtime; open( ERRLOG, ">>/tmp/dt-error") or die "Error opening dt-error"; print ERRLOG "nanosleep error at $now\n"; close( ERRLOG ); die "nanosleep error"; } else { -- # This section was used to create up to date email signature files # Create the email header in Fahrenheit #open( HEADER, ">/tmp/.header") or die "Error opening .header"; #$now = localtime; #print HEADER "[$now]--[Inside "; #printf HEADER "%0.2f",ctof( $room ); #print HEADER "F]--[Outside "; Found error in /usr/share/digitemp/perl/maxplot: $ grep -A5 -B5 /tmp/ /usr/share/digitemp/perl/maxplot $im->string(gdSmallFont,$hmargin,&ytransform(-30),"Harddrive #1",$red); $im->string(gdSmallFont,$hmargin,&ytransform(-35),"Room Temperature",$green); $im->string(gdSmallFont,$hmargin,&ytransform(-40),"Outside Temperature",$orange); # Output it to a .gif image file open( PLOT, ">/tmp/tempplot.gif"); print PLOT $im->gif; close(PLOT); # copy the image to its final destination and make sure it is owned # by the right person. system "cp /tmp/tempplot.gif /home/nexus/.public_html/tempplot.gif"; system "chown nexus.users /home/nexus/.public_html/tempplot.gif"; system "chmod 0644 /home/nexus/.public_html/tempplot.gif";; fail dracut-051-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/99base/init.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/99base/init.sh # # Copyright 2008-2010, Red Hat, Inc. # Harald Hoyer # Jeremy Katz export -p > /tmp/export.orig NEWROOT="/sysroot" [ -d $NEWROOT ] || mkdir -p -m 0755 $NEWROOT OLDPATH=$PATH -- echo "$line" >> /etc/cmdline.d/99-cmdline-ask.conf done fi if ! getargbool 1 'rd.hostonly'; then [ -f /etc/cmdline.d/99-cmdline-ask.conf ] && mv /etc/cmdline.d/99-cmdline-ask.conf /tmp/99-cmdline-ask.conf remove_hostonly_files [ -f /tmp/99-cmdline-ask.conf ] && mv /tmp/99-cmdline-ask.conf /etc/cmdline.d/99-cmdline-ask.conf fi # run scriptlets to parse the command line make_trace_mem "hook cmdline" '1+:mem' '1+:iomem' '3+:slab' getarg 'rd.break=cmdline' -d 'rdbreak=cmdline' && emergency_shell -n cmdline "Break before cmdline" -- :;; *) unset "$i";; esac done . /tmp/export.orig 2>/dev/null || : rm -f -- /tmp/export.orig initargs="" read CLINE /dev/null ; then ignoreargs="console BOOT_IMAGE" Found error in /usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh set -f for filter in $filters; do echo "${filter} @${server}" done ) #echo "*.* /tmp/syslog" } [ -f /tmp/syslog.type ] && read type < /tmp/syslog.type [ -f /tmp/syslog.server ] && read server < /tmp/syslog.server [ -f /tmp/syslog.filters ] && read filters < /tmp/syslog.filters [ -z "$filters" ] && filters="kern.*" [ -f /tmp/syslog.conf ] && read conf < /tmp/syslog.conf [ -z "$conf" ] && conf="/etc/rsyslog.conf" && echo "$conf" > /tmp/syslog.conf if [ $type = "rsyslogd" ]; then template=/etc/templates/rsyslog.conf if [ -n "$server" ]; then rsyslog_config "$server" "$template" "$filters" > $conf Found error in /usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh syslogserver=$(getarg syslog.server -d syslog) syslogfilters=$(getargs syslog.filter -d filter) syslogtype=$(getarg syslog.type -d syslogtype) [ -n "$syslogserver" ] && echo $syslogserver > /tmp/syslog.server [ -n "$syslogfilters" ] && echo "$syslogfilters" > /tmp/syslog.filters if [ -n "$syslogtype" ]; then echo "$syslogtype" > /tmp/syslog.type else syslogtype=$(detect_syslog) echo $syslogtype > /tmp/syslog.type fi Found error in /usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh [ -f "/etc/nvme/hostid" ] || exit 0 if [ -f "/etc/nvme/discovery.conf" ] ; then /sbin/initqueue --settled --onetime --unique --name nvme-discover /usr/sbin/nvme connect-all if [ "$trtype" = "tcp" ] ; then > /tmp/net.$ifname.did-setup fi else # No nvme command line arguments present, try autodiscovery if [ "$trtype" = "fc" ] ; then /sbin/initqueue --finished --onetime --unique --name nvme-fc-autoconnect /sbin/nvmf-autoconnect.sh Found error in /usr/lib/dracut/modules.d/90dmraid/dmraid.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmraid/dmraid.sh type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh dev="$1" devenc=$(str_replace "$1" '/' '\2f') [ -e /tmp/dmraid.$devenc ] && exit 0 >/tmp/dmraid.$devenc DM_RAIDS=$(getargs rd.dm.uuid -d rd_DM_UUID=) if [ -n "$DM_RAIDS" ] || getargbool 0 rd.auto; then Found error in /usr/lib/dracut/modules.d/90crypt/probe-keydev.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90crypt/probe-keydev.sh info "Probing $real_keydev for $keypath..." test_dev -f "$real_keydev" "$keypath" || exit 1 info "Found $keypath on $real_keydev" echo "$luksdev:$real_keydev:$keypath" >> /tmp/luks.keys Found error in /usr/lib/dracut/modules.d/90crypt/parse-keydev.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90crypt/parse-keydev.sh fi # A keydev of '/' is treated as the initrd itself if [ "/" = "$keydev" ]; then [ -z "$luksdev" ] && luksdev='*' echo "$luksdev:$keydev:$keypath" >> /tmp/luks.keys continue elif [ -n "$keydev" ]; then udevmatch "$keydev" >&7 || { warn 'keydev incorrect!' continue Found error in /usr/lib/dracut/modules.d/04watchdog/watchdog.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/04watchdog/watchdog.sh #!/bin/sh if [ -e /dev/watchdog ]; then if [ ! -e /tmp/watchdog_timeout ]; then wdctl -s 60 /dev/watchdog >/dev/null 2>&1 > /tmp/watchdog_timeout fi info "Triggering watchdog" >/dev/watchdog else modprobe ib700wdt; fail dracut-live-051-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ -n "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ -z "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ -e /tmp/liveupdates.done ]' > \ $hookdir/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ -e /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" -- sleep $SLEEP fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? if [ ${imgfile##*.} = "iso" ]; then root=$(losetup -f) losetup $root $imgfile Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-${_name} ] && continue > /tmp/isoscan-${_name} mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" ln -s $dev /run/initramfs/isoscandev rm -f -- "$job" Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive >/dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; fail dracut-network-051-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/dracut/modules.d/95iscsi/parse-iscsiroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95iscsi/parse-iscsiroot.sh [ -z "$netroot" ] && netroot=iscsi: fi modprobe -b -q iscsi_boot_sysfs 2>/dev/null modprobe -b -q iscsi_ibft # if no ip= is given, but firmware echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-firmware' ]" > $hookdir/initqueue/finished/iscsi_started.sh initqueue --unique --online /sbin/iscsiroot online "iscsi:" "$NEWROOT" initqueue --unique --onetime --timeout /sbin/iscsiroot timeout "iscsi:" "$NEWROOT" initqueue --unique --onetime --settled /sbin/iscsiroot online "iscsi:" "'$NEWROOT'" fi -- sleep 1 fi fi # If not given on the cmdline and initiator-name available via iBFT if [ -z $iscsi_initiator ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then iscsi_initiator=$(while read line || [ -n "$line" ]; do echo $line;done < /sys/firmware/ibft/initiator/initiator-name) if [ -n "$iscsi_initiator" ]; then echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- for nroot in $(getargs netroot); do [ "${nroot%%:*}" = "iscsi" ] || continue type parse_iscsi_root >/dev/null 2>&1 || . /lib/net-lib.sh parse_iscsi_root "$nroot" || return 1 netroot_enc=$(str_replace "$nroot" '/' '\2f') echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-$netroot_enc' ]" > $hookdir/initqueue/finished/iscsi_started.sh done # Done, all good! rootok=1 Found error in /usr/lib/dracut/modules.d/95iscsi/iscsiroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95iscsi/iscsiroot.sh modprobe crc32c 2>/dev/null # start iscsiuio if needed if [ -z "${DRACUT_SYSTEMD}" ] && \ ( [ -e /sys/module/bnx2i ] || [ -e /sys/module/qedi ] ) && \ ! [ -e /tmp/iscsiuio-started ]; then iscsiuio > /tmp/iscsiuio-started fi handle_firmware() { -- # the iSCSI sessions will still be present. if ! iscsiadm -m fw; then warn "iscsiadm: Could not get list of targets from firmware." else ifaces=$(set -- /sys/firmware/ibft/ethernet*; echo $#) retry=$(cat /tmp/session-retry) if [ $retry -lt $ifaces ]; then retry=$((retry+1)) echo $retry > /tmp/session-retry return 1 else rm /tmp/session-retry fi if ! iscsiadm -m fw -l; then warn "iscsiadm: Log-in to iscsi target failed" else need_shutdown fi fi [ -d /sys/class/iscsi_session ] || return 1 echo 'started' > "/tmp/iscsistarted-iscsi:" echo 'started' > "/tmp/iscsistarted-firmware" return 0 } -- # XXX is this needed? getarg ro && iscsirw=ro getarg rw && iscsirw=rw fsopts=${fsopts:+$fsopts,}${iscsirw} if [ -z "$iscsi_initiator" ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then iscsi_initiator=$(while read line || [ -n "$line" ]; do echo $line;done < /sys/firmware/ibft/initiator/initiator-name) echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- iscsi_initiator=$(iscsi-iname) echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- return 1 fi > $hookdir/initqueue/work netroot_enc=$(str_replace "$1" '/' '\2f') echo 'started' > "/tmp/iscsistarted-iscsi:${netroot_enc}" return 0 } ret=0 -- sleep 2 fi if getargbool 0 rd.iscsi.firmware -d -y iscsi_firmware ; then if [ "$netif" = "timeout" ] || [ "$netif" = "online" ] || [ "$netif" = "dummy" ]; then [ -f /tmp/session-retry ] || echo 1 > /tmp/session-retry handle_firmware ret=$? fi fi Found error in /usr/lib/dracut/modules.d/45ifcfg/write-ifcfg.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/45ifcfg/write-ifcfg.sh #!/bin/sh # NFS root might have reached here before /tmp/net.ifaces was written type is_persistent_ethernet_name >/dev/null 2>&1 || . /lib/net-lib.sh udevadm settle --timeout=30 mkdir -m 0755 -p /tmp/ifcfg/ mkdir -m 0755 -p /tmp/ifcfg-leases/ get_config_line_by_subchannel() { local CHANNEL local line -- fi echo "DEVICE=\"$_netif\"" } for netup in /tmp/net.*.did-setup ; do [ -f $netup ] || continue netif=${netup%%.did-setup} netif=${netif##*/net.} strglobin "$netif" ":*:*:*:*:" && continue [ -e /tmp/ifcfg/ifcfg-$netif ] && continue unset bridge unset bond unset bondslaves unset bondname unset bondoptions -- unset ethname unset vlan unset vlanname unset phydevice [ -e /tmp/bond.${netif}.info ] && . /tmp/bond.${netif}.info [ -e /tmp/bridge.${netif}.info ] && . /tmp/bridge.${netif}.info [ -e /tmp/team.${netif}.info ] && . /tmp/team.${netif}.info uuid=$(cat /proc/sys/kernel/random/uuid) if [ "$netif" = "$bridgename" ]; then bridge=yes elif [ "$netif" = "$teammaster" ]; then -- elif [ "$netif" = "$bondname" ]; then # $netif can't be bridge and bond at the same time bond=yes fi for i in /tmp/vlan.${netif}.*; do [ ! -e "$i" ] && continue . "$i" vlan=yes break done -- [ -z "$vlan" ] && interface_bind "$netif" "$macaddr" echo "ONBOOT=yes" echo "NETBOOT=yes" echo "UUID=\"$uuid\"" strstr "$(ip -6 addr show dev $netif)" 'inet6' && echo "IPV6INIT=yes" if [ -f /tmp/dhclient.$netif.lease ]; then [ -f /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts if [ -f /tmp/net.$netif.has_ibft_config ]; then echo "BOOTPROTO=ibft" else echo "BOOTPROTO=dhcp" fi cp /tmp/dhclient.$netif.lease /tmp/ifcfg-leases/dhclient-$uuid-$netif.lease else # If we've booted with static ip= lines, the override file is there [ -e /tmp/net.$netif.override ] && . /tmp/net.$netif.override if strglobin "$ip" '*:*:*'; then echo "IPV6INIT=yes" echo "IPV6_AUTOCONF=no" echo "IPV6ADDR=\"$ip/$mask\"" else if [ -f /tmp/net.$netif.has_ibft_config ]; then echo "BOOTPROTO=ibft" else echo "BOOTPROTO=none" echo "IPADDR=\"$ip\"" if strstr "$mask" "."; then -- elif [ -n "$gw" ]; then echo "GATEWAY=\"$gw\"" fi fi [ -n "$mtu" ] && echo "MTU=\"$mtu\"" } > /tmp/ifcfg/ifcfg-$netif # bridge needs different things written to ifcfg if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ] && [ -z "$team" ]; then # standard interface echo "TYPE=Ethernet" >> /tmp/ifcfg/ifcfg-$netif fi if [ -n "$vlan" ] ; then { echo "TYPE=Vlan" echo "DEVICE=\"$netif\"" echo "VLAN=yes" echo "PHYSDEV=\"$phydevice\"" } >> /tmp/ifcfg/ifcfg-$netif fi if [ -n "$bond" ] ; then # bond interface { # This variable is an indicator of a bond interface for initscripts echo "BONDING_OPTS=\"$bondoptions\"" echo "NAME=\"$netif\"" echo "TYPE=Bond" } >> /tmp/ifcfg/ifcfg-$netif for slave in $bondslaves ; do # write separate ifcfg file for the raw eth interface ( echo "# Generated by dracut initrd" -- echo "NETBOOT=yes" echo "SLAVE=yes" echo "MASTER=\"$netif\"" echo "UUID=\"$(cat /proc/sys/kernel/random/uuid)\"" unset macaddr [ -e /tmp/net.$slave.override ] && . /tmp/net.$slave.override interface_bind "$slave" "$macaddr" ) >> /tmp/ifcfg/ifcfg-$slave done fi if [ -n "$bridge" ] ; then # bridge { echo "TYPE=Bridge" echo "NAME=\"$netif\"" } >> /tmp/ifcfg/ifcfg-$netif for slave in $bridgeslaves ; do # write separate ifcfg file for the raw eth interface ( echo "# Generated by dracut initrd" echo "NAME=\"$slave\"" -- echo "ONBOOT=yes" echo "NETBOOT=yes" echo "BRIDGE=\"$bridgename\"" echo "UUID=\"$(cat /proc/sys/kernel/random/uuid)\"" unset macaddr [ -e /tmp/net.$slave.override ] && . /tmp/net.$slave.override interface_bind "$slave" "$macaddr" ) >> /tmp/ifcfg/ifcfg-$slave done fi i=1 for ns in $(getargs nameserver) $dns1 $dns2; do echo "DNS${i}=\"${ns}\"" >> /tmp/ifcfg/ifcfg-$netif i=$((i+1)) done [ -f /tmp/net.route6."$netif" ] && cp /tmp/net.route6."$netif" /tmp/ifcfg/route6-"$netif" [ -f /tmp/net.route."$netif" ] && cp /tmp/net.route."$netif" /tmp/ifcfg/route-"$netif" done # Pass network opts mkdir -m 0755 -p /run/initramfs/state/etc/sysconfig/network-scripts mkdir -m 0755 -p /run/initramfs/state/var/lib/dhclient echo "files /etc/sysconfig/network-scripts" >> /run/initramfs/rwtab echo "files /var/lib/dhclient" >> /run/initramfs/rwtab { cp /tmp/net.* /run/initramfs/ for i in /tmp/net.*.resolv.conf; do [ -f "$i" ] && cat "$i" done | awk '!($0 in a) { a[$0]; print }' > /run/initramfs/state/etc/resolv.conf [ -s /run/initramfs/state/etc/resolv.conf ] || rm -f /run/initramfs/state/etc/resolv.conf copytree /tmp/ifcfg /run/initramfs/state/etc/sysconfig/network-scripts cp /tmp/ifcfg-leases/* /run/initramfs/state/var/lib/dhclient } > /dev/null 2>&1 Found error in /usr/lib/dracut/modules.d/40network/net-lib.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/40network/net-lib.sh } # list the configured interfaces configured_ifaces() { local IFACES="" iface_id="" rv=1 [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces if { pidof udevd || pidof systemd-udevd; } > /dev/null; then for iface_id in $IFACES; do echo $(iface_name $iface_id) rv=0 done -- return $rv } all_ifaces_up() { local iface="" IFACES="" [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces for iface in $IFACES; do [ -e /tmp/net.$iface.up ] || return 1 done } all_ifaces_setup() { local iface="" IFACES="" [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces for iface in $IFACES; do [ -e /tmp/net.$iface.did-setup ] || return 1 done } get_netroot_ip() { local prefix="" server="" rest="" -- local netif="$1" # ip down/flush ensures that routing info goes away as well ip link set $netif down ip addr flush dev $netif echo "#empty" > /etc/resolv.conf rm -f -- /tmp/net.$netif.did-setup [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ rm -f -- /tmp/net.$(cat /sys/class/net/$netif/address).did-setup # TODO: send "offline" uevent? } setup_net() { local netif="$1" f="" gw_ip="" netroot_ip="" iface="" IFACES="" local _p [ -e /tmp/net.$netif.did-setup ] && return [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && return [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces [ -z "$IFACES" ] && IFACES="$netif" # run the scripts written by ifup [ -e /tmp/net.$netif.hostname ] && . /tmp/net.$netif.hostname [ -e /tmp/net.$netif.override ] && . /tmp/net.$netif.override [ -e /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts # set up resolv.conf [ -e /tmp/net.$netif.resolv.conf ] && \ awk '!array[$0]++' /tmp/net.$netif.resolv.conf > /etc/resolv.conf [ -e /tmp/net.$netif.gw ] && . /tmp/net.$netif.gw # add static route for _p in $(getargs rd.route); do route_to_var "$_p" || continue [ -n "$route_dev" ] && [ "$route_dev" != "$netif" ] && continue ip route add "$route_mask" ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev} if strstr "$route_mask" ":"; then printf -- "%s\n" "$route_mask ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev}" \ > /tmp/net.route6."$netif" else printf -- "%s\n" "$route_mask ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev}" \ > /tmp/net.route."$netif" fi done # If a static route was necessary to reach the gateway, the # first gateway setup call will have failed with # RTNETLINK answers: Network is unreachable # Replace the default route again after static routes to cover # this scenario. [ -e /tmp/net.$netif.gw ] && . /tmp/net.$netif.gw # Handle STP Timeout: arping the default gateway. # (or the root server, if a) it's local or b) there's no gateway.) # Note: This assumes that if no router is present the # root server is on the same subnet. -- arping -q -f -w 60 -I $netif $dest || info "Resolving $dest via ARP on $netif failed" fi fi unset layer2 > /tmp/net.$netif.did-setup [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ > /tmp/net.$(cat /sys/class/net/$netif/address).did-setup } save_netinfo() { local netif="$1" IFACES="" f="" i="" [ -e /tmp/net.ifaces ] && read IFACES < /tmp/net.ifaces # Add $netif to the front of IFACES (if it's not there already). set -- "$netif" for i in $IFACES; do [ "$i" != "$netif" ] && set -- "$@" "$i"; done IFACES="$*" for i in $IFACES; do for f in /tmp/dhclient.$i.*; do [ -f $f ] && cp -f $f /tmp/net.${f#/tmp/dhclient.} done done echo $IFACES > /tmp/.net.ifaces.new mv /tmp/.net.ifaces.new /tmp/net.ifaces } set_ifname() { local name="$1" mac="$2" num=-1 n="" # if it's already set, return the existing name -- [ -e ${iface}/mac ] || continue mac=$(read a < ${iface}/mac; echo $a) [ -z "$mac" ] && continue dev=$(set_ifname ibft $mac) [ -e /tmp/net.${dev}.has_ibft_config ] && continue [ -e ${iface}/flags ] && flags=$(read a < ${iface}/flags; echo $a) # Skip invalid interfaces (( $flags & 1 )) || continue # Skip interfaces not used for booting unless using multipath -- vlan=$(read a < ${iface}/vlan; echo $a) if [ "$vlan" -ne "0" ]; then case "$vlan" in [0-9]*) echo "vlan=$dev.$vlan:$dev" echo $mac > /tmp/net.${dev}.${vlan}.has_ibft_config ;; *) echo "vlan=$vlan:$dev" echo $mac > /tmp/net.${vlan}.has_ibft_config ;; esac else echo $mac > /tmp/net.${dev}.has_ibft_config fi else echo $mac > /tmp/net.${dev}.has_ibft_config fi done ) >> /etc/cmdline.d/40-ibft.conf } Found error in /usr/lib/dracut/modules.d/40network/ifname-genrules.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/40network/ifname-genrules.sh { for p in $(getargs ifname=); do parse_ifname_opts $p if [ -f /tmp/ifname-$ifname_mac ]; then read oldif < /tmp/ifname-$ifname_mac fi if [ -f /tmp/ifname-$ifname_if ]; then read oldmac < /tmp/ifname-$ifname_if fi if [ -n "$oldif" -a -n "$oldmac" -a "$oldif" = "$ifname_if" -a "$oldmac" = "$ifname_mac" ]; then # skip same ifname= declaration continue fi [ -n "$oldif" ] && warn "Multiple interface names specified for MAC $ifname_mac: $oldif" [ -n "$oldmac" ] && warn "Multiple MAC specified for $ifname_if: $oldmac" printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' "$ifname_mac" "$ifname_if" echo $ifname_if > /tmp/ifname-$ifname_mac echo $ifname_mac > /tmp/ifname-$ifname_if done } >> /etc/udev/rules.d/80-ifname.rules Found error in /usr/lib/dracut/modules.d/35network-wicked/wicked-config.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-wicked/wicked-config.sh #!/bin/sh getcmdline > /tmp/cmdline.$$.conf wicked show-config --ifconfig dracut:cmdline:/tmp/cmdline.$$.conf > /tmp/dracut.xml rm -f /tmp/cmdline.$$.conf Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/ens19 /sys/class/net/lo do state=/run/NetworkManager/devices/$(cat $_i/ifindex) grep -q connection-uuid= $state 2>/dev/null || continue ifname=${_i##*/} sed -n 's/root-path/new_root_path/p;s/next-server/new_next_server/p' <$state >/tmp/dhclient.$ifname.dhcpopts source_hook initqueue/online $ifname /sbin/netroot $ifname done > /tmp/nm.done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh unset phydevice if [ ! "$vlan" = "vlan" ]; then parsevlan "$vlan" fi echo "phydevice=\"$phydevice\"" > /tmp/vlan.${phydevice}.phy { echo "vlanname=\"$vlanname\"" echo "phydevice=\"$phydevice\"" } > /tmp/vlan.${vlanname}.${phydevice} done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-team.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-team.sh unset teamslaves unset teamrunner parseteam "$team" || continue echo "teammaster=$teammaster" > /tmp/team.${teammaster}.info echo "teamslaves=\"$teamslaves\"" >> /tmp/team.${teammaster}.info echo "teamrunner=\"$teamrunner\"" >> /tmp/team.${teammaster}.info if ! [ -e /etc/teamd/${teammaster}.conf ]; then warn "Team master $teammaster specified, but no /etc/teamd/$teammaster.conf present. Using $teamrunner." mkdir -p /etc/teamd printf -- "%s" "{\"runner\": {\"name\": \"$teamrunner\"}, \"link_watch\": {\"name\": \"ethtool\"}}" > "/tmp/${teammaster}.conf" fi done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh IFACES="${IFACES%$BOOTDEV*} ${IFACES#*$BOOTDEV}" IFACES="$BOOTDEV $IFACES" fi # Store BOOTDEV and IFACES for later use [ -n "$BOOTDEV" ] && echo $BOOTDEV > /tmp/net.bootdev [ -n "$IFACES" ] && echo $IFACES > /tmp/net.ifaces Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh # Simple default bridge if [ -z "$bridgename" ]; then bridgename=br0 bridgeslaves=$iface fi echo "bridgename=$bridgename" > /tmp/bridge.${bridgename}.info echo "bridgeslaves=\"$bridgeslaves\"" >> /tmp/bridge.${bridgename}.info done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-bond.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-bond.sh bondname=bond0 bondslaves="eth0 eth1" fi # Make it suitable for initscripts export bondoptions=$(str_replace "$bondoptions" ";" ",") echo "bondname=$bondname" > /tmp/bond.${bondname}.info echo "bondslaves=\"$bondslaves\"" >> /tmp/bond.${bondname}.info echo "bondoptions=\"$bondoptions\"" >> /tmp/bond.${bondname}.info echo "bondmtu=\"$bondmtu\"" >> /tmp/bond.${bondname}.info done Found error in /usr/lib/dracut/modules.d/35network-legacy/ifup.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/ifup.sh local _COUNT=0 local _timeout=$(getargs rd.net.timeout.dhcp=) local _DHCPRETRY=$(getargs rd.net.dhcp.retry=) _DHCPRETRY=${_DHCPRETRY:-1} [ -e /tmp/dhclient.$netif.pid ] && return 0 if ! iface_has_carrier $netif; then warn "No carrier detected on interface $netif" return 1 fi -- dhclient "$@" \ ${_timeout:+--timeout $_timeout} \ -q \ -1 \ -cf /etc/dhclient.conf \ -pf /tmp/dhclient.$netif.pid \ -lf /tmp/dhclient.$netif.lease \ $netif \ && return 0 _COUNT=$(($_COUNT+1)) [ $_COUNT -lt $_DHCPRETRY ] && sleep 1 done warn "dhcp for interface $netif failed" # nuke those files since we failed; we might retry dhcp again if it's e.g. # `ip=dhcp,dhcp6` and we check for the PID file at the top rm -f /tmp/dhclient.$netif.{pid,lease} return 1 } load_ipv6() { [ -d /proc/sys/net/ipv6 ] && return -- echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_redirects linkup $netif wait_for_ipv6_auto $netif ret=$? [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname return $ret } # Handle static ip configuration -- fi ip addr flush dev $netif ip addr add $ip/$mask ${srv:+peer $srv} brd + dev $netif fi [ -n "$gw" ] && echo ip route replace default via $gw dev $netif > /tmp/net.$netif.gw [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname return 0 } get_vid() { -- ;; esac } # check, if we need VLAN's for this interface if [ -z "$DO_VLAN_PHY" ] && [ -e /tmp/vlan.${netif}.phy ]; then unset DO_VLAN NO_AUTO_DHCP=yes DO_VLAN_PHY=yes ifup "$netif" modprobe -b -q 8021q for i in /tmp/vlan.*.${netif}; do [ -e "$i" ] || continue unset vlanname unset phydevice . "$i" if [ -n "$vlanname" ]; then -- done exit 0 fi # Check, if interface is VLAN interface if ! [ -e /tmp/vlan.${netif}.phy ]; then for i in /tmp/vlan.${netif}.*; do [ -e "$i" ] || continue export DO_VLAN=yes break done fi # bridge this interface? if [ -z "$NO_BRIDGE_MASTER" ]; then for i in /tmp/bridge.*.info; do [ -e "$i" ] || continue unset bridgeslaves unset bridgename . "$i" for ethname in $bridgeslaves ; do [ "$netif" != "$ethname" ] && continue NO_BRIDGE_MASTER=yes NO_AUTO_DHCP=yes ifup $ethname linkup $ethname if [ ! -e /tmp/bridge.$bridgename.up ]; then ip link add name $bridgename type bridge echo 0 > /sys/devices/virtual/net/$bridgename/bridge/forward_delay > /tmp/bridge.$bridgename.up fi ip link set dev $ethname master $bridgename ifup $bridgename exit 0 done done fi # enslave this interface to bond? if [ -z "$NO_BOND_MASTER" ]; then for i in /tmp/bond.*.info; do [ -e "$i" ] || continue unset bondslaves unset bondname . "$i" for slave in $bondslaves ; do [ "$netif" != "$slave" ] && continue # already setup [ -e /tmp/bond.$bondname.up ] && exit 0 # wait for all slaves to show up for slave in $bondslaves ; do # try to create the slave (maybe vlan or bridge) NO_BOND_MASTER=yes NO_AUTO_DHCP=yes ifup $slave -- done linkup $bondname for slave in $bondslaves ; do cat /sys/class/net/$slave/address > /tmp/net.${bondname}.${slave}.hwaddr ip link set $slave down echo "+$slave" > /sys/class/net/$bondname/bonding/slaves linkup $slave done -- if [ "${key}" = "primary" ]; then echo $value > /sys/class/net/${bondname}/bonding/$key fi done > /tmp/bond.$bondname.up NO_BOND_MASTER=yes ifup $bondname exit $? done done fi if [ -z "$NO_TEAM_MASTER" ]; then for i in /tmp/team.*.info; do [ -e "$i" ] || continue unset teammaster unset teamslaves . "$i" for slave in $teamslaves ; do [ "$netif" != "$slave" ] && continue [ -e /tmp/team.$teammaster.up ] && exit 0 # wait for all slaves to show up for slave in $teamslaves ; do # try to create the slave (maybe vlan or bridge) NO_TEAM_MASTER=yes NO_AUTO_DHCP=yes ifup $slave -- # wait for the last slave to show up exit 0 fi done if [ ! -e /tmp/team.$teammaster.up ] ; then # We shall only bring up those _can_ come up # in case of some slave is gone in active-backup mode working_slaves="" for slave in $teamslaves ; do teamdctl ${teammaster} port present ${slave} 2>/dev/null \ -- teamdctl $teammaster port add $slave done ip link set dev $teammaster up > /tmp/team.$teammaster.up NO_TEAM_MASTER=yes ifup $teammaster exit $? fi done done -- # disable manual ifup while netroot is set for simplifying our logic # in netroot case we prefer netroot to bringup $netif automaticlly [ -n "$2" -a "$2" = "-m" ] && [ -z "$netroot" ] && manualup="$2" if [ -n "$manualup" ]; then >/tmp/net.$netif.manualup rm -f /tmp/net.${netif}.did-setup else [ -e /tmp/net.${netif}.did-setup ] && exit 0 [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && exit 0 fi # Specific configuration, spin through the kernel command line # looking for ip= lines -- fi # Store config for later use for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do eval '[ "$'$i'" ] && echo '$i'="$'$i'"' done > /tmp/net.$netif.override for autoopt in $(str_replace "$autoconf" "," " "); do case $autoopt in dhcp|on|any) do_dhcp -4 ;; -- ret=$? # setup nameserver for s in "$dns1" "$dns2" $(getargs nameserver); do [ -n "$s" ] || continue echo nameserver $s >> /tmp/net.$netif.resolv.conf done if [ $ret -eq 0 ]; then > /tmp/net.${netif}.up if [ -z "$DO_VLAN" ] && [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).up fi # and finally, finish interface set up if there isn't already a script # to do so (which is the case in the dhcp path) if [ ! -e $hookdir/initqueue/setup_net_$netif.sh ]; then -- exit $ret fi done # no ip option directed at our interface? if [ -z "$NO_AUTO_DHCP" ] && [ ! -e /tmp/net.${netif}.up ]; then ret=1 if [ -e /tmp/net.bootdev ]; then BOOTDEV=$(cat /tmp/net.bootdev) if [ "$netif" = "$BOOTDEV" ] || [ "$BOOTDEV" = "$(cat /sys/class/net/${netif}/address)" ]; then do_dhcp ret=$? fi else -- fi fi for s in $(getargs nameserver); do [ -n "$s" ] || continue echo nameserver $s >> /tmp/net.$netif.resolv.conf done if [ "$ret" -eq 0 ] && [ -n "$(ls /tmp/leaseinfo.${netif}*)" ]; then > /tmp/net.${netif}.did-setup if [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).did-setup fi fi fi exit 0 Found error in /usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh [ -n "$new_dhcp_lease_time" ] && lease_time=$new_dhcp_lease_time [ -n "$new_max_life" ] && lease_time=$new_max_life preferred_lft=$lease_time [ -n "$new_preferred_life" ] && preferred_lft=$new_preferred_life [ -f /tmp/net.$netif.override ] && . /tmp/net.$netif.override # Taken from debian dhclient-script: # The 576 MTU is only used for X.25 and dialup connections # where the admin wants low latency. Such a low MTU can cause # problems with UDP traffic, among other things. As such, -- ${preferred_lft:+preferred_lft ${preferred_lft}} if [ -n "$gw" ] ; then if [ "$mask" = "255.255.255.255" ] ; then # point-to-point connection => set explicit route to gateway echo ip route add $gw dev $netif > /tmp/net.$netif.gw fi echo "$gw" | { IFS=' ' read -r main_gw other_gw echo ip route replace default via $main_gw dev $netif >> /tmp/net.$netif.gw if [ -n "$other_gw" ] ; then for g in $other_gw; do echo ip route add default via $g dev $netif >> /tmp/net.$netif.gw done fi } fi if getargbool 1 rd.peerdns; then [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net.$netif.resolv.conf if [ -n "$namesrv" ] ; then for s in $namesrv; do echo nameserver $s done fi >> /tmp/net.$netif.resolv.conf fi # Note: hostname can be fqdn OR short hostname, so chop off any # trailing domain name and explicity add any domain if set. [ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname } setup_interface6() { domain=$new_domain_name search=$(printf -- "$new_dhcp6_domain_search") -- [ -n "$new_dhcp_lease_time" ] && lease_time=$new_dhcp_lease_time [ -n "$new_max_life" ] && lease_time=$new_max_life preferred_lft=$lease_time [ -n "$new_preferred_life" ] && preferred_lft=$new_preferred_life [ -f /tmp/net.$netif.override ] && . /tmp/net.$netif.override ip -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \ dev ${netif} scope global \ ${lease_time:+valid_lft $lease_time} \ ${preferred_lft:+preferred_lft ${preferred_lft}} if getargbool 1 rd.peerdns; then [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net.$netif.resolv.conf if [ -n "$namesrv" ] ; then for s in $namesrv; do echo nameserver $s done fi >> /tmp/net.$netif.resolv.conf fi # Note: hostname can be fqdn OR short hostname, so chop off any # trailing domain name and explicity add any domain if set. [ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname } parse_option_121() { while [ $# -ne 0 ]; do mask="$1" -- unset layer2 setup_interface set | while read line || [ -n "$line" ]; do [ "${line#new_}" = "$line" ] && continue echo "$line" done >/tmp/dhclient.$netif.dhcpopts { echo '. /lib/net-lib.sh' echo "setup_net $netif" if [ -n "$new_classless_static_routes" ]; then -- IFS=".$IFS" parse_option_121 $new_classless_static_routes IFS="$OLDIFS" fi echo "source_hook initqueue/online $netif" [ -e /tmp/net.$netif.manualup ] || echo "/sbin/netroot $netif" echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh" } > $hookdir/initqueue/setup_net_$netif.sh echo "[ -f /tmp/net.$netif.did-setup ]" > $hookdir/initqueue/finished/dhclient-$netif.sh >/tmp/net.$netif.up if [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).up fi ;; RENEW|REBIND) -- setup_interface6 set | while read line || [ -n "$line" ]; do [ "${line#new_}" = "$line" ] && continue echo "$line" done >/tmp/dhclient.$netif.dhcpopts { echo '. /lib/net-lib.sh' echo "setup_net $netif" echo "source_hook initqueue/online $netif" [ -e /tmp/net.$netif.manualup ] || echo "/sbin/netroot $netif" echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh" } > $hookdir/initqueue/setup_net_$netif.sh echo "[ -f /tmp/net.$netif.did-setup ]" > $hookdir/initqueue/finished/dhclient-$netif.sh >/tmp/net.$netif.up if [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).up fi ;; RENEW6|REBIND6) unset lease_time; fail environment-modules-3.2.10-alt3_23.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/Modules/bin/add.modules: $ grep -A5 -B5 /tmp/ /usr/share/Modules/bin/add.modules $3 > $2 } # find if certain of the dot files have load lines already findload() { grep "^[ ]*module[ ]*load" $1 > /tmp/load.$$ } # put common stuff derivatives here $1=.dot_file $2=action $3=shell(csh,sh) $4=skel alternative shdot() { if [ -f $1 ] then /bin/cat <> $1 else /bin/cat >> $1 < $1 <> $1 else /bin/cat >> $1 <> $1 <> $1 && /bin/rm /tmp/$1.$$ elif [ x$2 = xalias ] then /bin/cat <> $1 && /bin/rm /tmp/$1.$$ fi else /bin/echo "Had problems with your $1" fi else /bin/cat < /dev/null } # process files in $HOME cd $HOME if [ -r .bash_profile ]; then; fail foo2zjs-20200207-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/foo2hbpl2-wrapper: $ grep -A5 -B5 /tmp/ /usr/bin/foo2hbpl2-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head -n 10000 $TMPFILE \ -- case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE= -- # CRD GAMMAFILE="" GAMMAFILE="$GAMMAFILE $CRDBASE/${model}cms" GAMMAFILE="$GAMMAFILE $CRDBASE/$SCREEN" # Black text... TMPFILE2=/tmp/black$$ cat $CRDBASE/black-text.ps - >$TMPFILE2 exec <$TMPFILE2 ;; *.crd) GAMMAFILE="$CRDBASE/prolog.ps" Found error in /usr/bin/foo2ddst-wrapper: $ grep -A5 -B5 /tmp/ /usr/bin/foo2ddst-wrapper #%%BeginFeature: *CustomPageSize True #792.000000 612.000000 1 0.000000 0.000000 #pop pop pop pop pop if [ $DEBUG = 0 ]; then TMPFILE=/tmp/cus$$ else TMPFILE=/tmp/custom.ps fi cat >$TMPFILE exec <$TMPFILE tmp=`head -n 10000 $TMPFILE \ -- case $NUP in [234689]|1[024568]) PREFILTER="nup";; *) PREFILTER=cat;; esac if [ "$DEBUG" -ge 9 ]; then PREFILTER="tee /tmp/$BASENAME.ps" fi # # Overload -G. If the file name ends with ".icm" or ".ICM" # then convert the ICC color profile to a Postscript CRD, -- GAMMAFILE= fi } if [ $DEBUG -gt 0 ]; then ICCTMP=/tmp/icc else ICCTMP=/tmp/icc$$ fi if [ "" = "$COLOR" ]; then COLORMODE= GAMMAFILE=; fail geeqie-1.5.1-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib64/geeqie/geeqie-camera-import-hook-script: $ grep -A5 -B5 /tmp/ /usr/lib64/geeqie/geeqie-camera-import-hook-script # Camera import if [ "$ACTION" == "download" ] then echo "$ARGUMENT" >> /tmp/geeqie-camera-import-files elif [ "$ACTION" == "stop" ] then zenity --info --title="Geeqie camera download" --text="Import ended" --width=200 --timeout=5 --window-icon=usr/local/share/pixmaps/geeqie.png 2>/dev/null if [ -f /tmp/geeqie-camera-import-files ] then rm /tmp/geeqie-camera-import-files fi fi exit 0 Found error in /usr/lib64/geeqie/geeqie-camera-import: $ grep -A5 -B5 /tmp/ /usr/lib64/geeqie/geeqie-camera-import # Import all images from camera # Requires gphoto2 function finish { if [ -f /tmp/geeqie-camera-import-files ] then rm /tmp/geeqie-camera-import-files fi if [ -p $zen_pipe ] then rm $zen_pipe -- then zenity --title="Geeqie camera import" --info --width=200 --text="gphoto2 is not installed" 2>/dev/null exit 0 fi if [ -f /tmp/geeqie-camera-import.log ] then rm /tmp/geeqie-camera-import.log fi if [ $(gphoto2 --auto-detect | wc -l) -le 2 ] then zenity --error --title="Geeqie camera import" --text="No camera detected" --window-icon=/usr/local/share/pixmaps/geeqie.png --width=250 2>/dev/null -- src_files_sorted=$(mktemp --tmpdir geeqie_camera_import_camera_files_sorted_XXXXXX) dest_files_sorted=$(mktemp --tmpdir geeqie_camera_import_computer_files_sorted_XXXXXX) ( gphoto2 --port "$port" --list-files 2>/tmp/geeqie-camera-import.log | awk '/#/ {print $2}' | sort > $src_files_sorted ) | zenity --progress --auto-close --auto-kill --title="Geeqie camera import" --text="Searching for files to download..." --pulsate --window-icon=/usr/local/share/pixmaps/geeqie.png --width=250 error=$(grep -i error /tmp/geeqie-camera-import.log) if [ ! -z "$error" ] then cat /tmp/geeqie-camera-import.log | zenity --text-info --title="Geeqie camera import" - --window-icon=error --width=250 2>/dev/null exit 1 fi ls -1 | sort > $dest_files_sorted existing_file_count=$(comm -12 $src_files_sorted $dest_files_sorted | wc -l) -- then zenity --info --title="Geeqie camera download" --text="No photos to download" --width=250 --window-icon=usr/local/share/pixmaps/geeqie.png 2>/dev/null exit 0 fi if [ -f /tmp/geeqie-camera-import-files ] then rm /tmp/geeqie-camera-import-files fi touch /tmp/geeqie-camera-import-files zen_pipe=$(mktemp --dry-run --tmpdir geeqie_camera_import_pipe_XXXXXX) mkfifo $zen_pipe gphoto2 --port "$port" --hook-script "$script_dir/"geeqie-camera-import-hook-script --get-all-files --skip-existing 2>/tmp/geeqie-camera-import.log & gphoto2_pid=$! (tail -f $zen_pipe 2>/dev/null) | zenity --progress --title="Geeqie camera import" --width=370 --text="Downloading: total: $files_to_load existing: $existing_file_count\n" --auto-close --auto-kill --percentage=0 window-icon=/usr/local/share/pixmaps/geeqie.png 2>/dev/null & zen_pid=$! n=0 while [ -f /tmp/geeqie-camera-import-files ] && [ "$n" -lt 100 ] do i=$(cat "/tmp/geeqie-camera-import-files" | wc -l) n=$(( $((i usr 100)) / $files_to_load)) echo "$n" >$zen_pipe latest_file=$(tail -n 1 /tmp/geeqie-camera-import-files) if [ -z "$latest_file" ] then latest_file="Skipping existing files, if any..." fi echo "#Downloading: total: $files_to_load existing: $existing_file_count\n$latest_file" >$zen_pipe; fail gem-puppet-7.0.0-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/lib/puppet/application/filebucket.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/lib/puppet/application/filebucket.rb EXAMPLES -------- ## Backup a file to the filebucket, then restore it to a temporary directory $ puppet filebucket backup /etc/passwd /etc/passwd: 429b225650b912a2ee067b0a4cf1e949 $ puppet filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949 ## Diff between two files in the filebucket $ puppet filebucket -l diff d43a6ecaa892a1962398ac9170ea9bf2 7ae322f5791217e031dc60188f4521ef 1a2 > again ## Diff between the file in the filebucket and a local file $ puppet filebucket -l diff d43a6ecaa892a1962398ac9170ea9bf2 /tmp/testFile 1a2 > again ## Backup a file to the filebucket and observe that it keeps each backup separate $ puppet filebucket -l list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile $ echo again >> /tmp/TestFile $ puppet filebucket -l backup /tmp/TestFile /tmp/TestFile: 7ae322f5791217e031dc60188f4521ef $ puppet filebucket -l list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile ## List files in a filebucket within date ranges $ puppet filebucket -l -f 2015-01-01 -t 2015-01-11 list $ puppet filebucket -l -f 2015-05-10 list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile $ puppet filebucket -l -f "2015-05-11 09:30:00" list 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile $ puppet filebucket -l -t "2015-05-11 09:30:00" list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile ## Manage files in a specific local filebucket $ puppet filebucket -b /tmp/TestBucket backup /tmp/TestFile2 /tmp/TestFile2: d41d8cd98f00b204e9800998ecf8427e $ puppet filebucket -b /tmp/TestBucket list d41d8cd98f00b204e9800998ecf8427e 2015-05-11 09:33:22 /tmp/TestFile2 ## From a Puppet Server, list files in the server bucketdir $ puppet filebucket -b $(puppet config print bucketdir --section server) list d43a6ecaa892a1962398ac9170ea9bf2 2015-05-11 09:27:56 /tmp/TestFile 7ae322f5791217e031dc60188f4521ef 2015-05-11 09:52:15 /tmp/TestFile AUTHOR ------ Luke Kanies Found error in /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/lib/puppet/application/doc.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/lib/puppet/application/doc.rb 'puppet doc --list'. EXAMPLE ------- $ puppet doc -r type > /tmp/type_reference.markdown AUTHOR ------ Luke Kanies Found error in /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/acceptance/tests/language/sensitive_data_type.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/acceptance/tests/language/sensitive_data_type.rb if agent.platform =~ /32$/ tmp_filename_win = "C:\\cygwin\\tmp\\#{tmp_environment}.txt" else tmp_filename_win = "C:\\cygwin64\\tmp\\#{tmp_environment}.txt" end tmp_filename_else = "/tmp/#{tmp_environment}.txt" on agent, "echo 'old content' > /tmp/#{tmp_environment}.txt" end # first attempts at a reasonable table driven test. needs API work # FIXME: # expand this to other resource types, make parameters arbitrary, make assertions arbitrary Found error in /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/acceptance/lib/puppet/acceptance/solaris_util.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/puppet-7.0.0/acceptance/lib/puppet/acceptance/solaris_util.rb on agent, "echo dummy > %s/tst2/usr/bin/x" % o[:root] on agent, "echo val > %s/tst2/etc/y" % o[:root] end def send_pkg2(agent, o={}) o = {:repo=>'/var/tstrepo', :root=>'/opt/fakeroot', :publisher=>'tstpub.lan', :pkg=>'mypkg2@0.0.1', :pkgdep => 'mypkg@0.0.1'}.merge(o) on agent, "(pkgsend generate %s; echo set name=pkg.fmri value=pkg://%s/%s)> /tmp/%s.p5m" % [o[:root], o[:publisher], o[:pkg], o[:pkg]] on agent, "echo depend type=require fmri=%s >> /tmp/%s.p5m" % [o[:pkgdep], o[:pkg]] on agent, "pkgsend publish -d %s -s %s /tmp/%s.p5m" % [o[:root], o[:repo], o[:pkg]] on agent, "pkgrepo refresh -p %s -s %s" % [o[:publisher], o[:repo]] on agent, "pkg refresh" on agent, "pkg list -g %s" % o[:repo] end def send_pkg(agent, o={}) o = {:repo=>'/var/tstrepo', :root=>'/opt/fakeroot', :publisher=>'tstpub.lan', :pkg=>'mypkg@0.0.1'}.merge(o) on agent, "(pkgsend generate %s; echo set name=pkg.fmri value=pkg://%s/%s)> /tmp/%s.p5m" % [o[:root], o[:publisher], o[:pkg], o[:pkg]] on agent, "pkgsend publish -d %s -s %s /tmp/%s.p5m" % [o[:root], o[:repo], o[:pkg]] on agent, "pkgrepo refresh -p %s -s %s" % [o[:publisher], o[:repo]] on agent, "pkg refresh" end def set_publisher(agent, o={}) o = {:repo=>'/var/tstrepo', :publisher=>'tstpub.lan'}.merge(o) -- exit $SMF_EXIT_OK ] % ([o[:service]] usr 4) create_remote_file agent, ('/opt/bin/%s' % o[:service]), %[ #!/usr/bin/sh cleanup() { rm -f /tmp/%s.pidfile; exit 0 } trap cleanup INT TERM trap '' HUP (while :; do sleep 1; done) & echo $! > /tmp/%s.pidfile ] % ([o[:service]] usr 2) on agent, "chmod 755 /lib/svc/method/%s" % o[:service] on agent, "chmod 755 /opt/bin/%s" % o[:service] on agent, "mkdir -p /var/svc/manifest/application" create_remote_file agent, ('/var/smf-%s.xml' % o[:service]),; fail gnormalize-0.63-alt1.qa1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/gnormalize: $ grep -A5 -B5 /tmp/ /usr/bin/gnormalize if ($show_cdplayer_skin and defined $window_cd_player){ # with skin_xTunes $widget->set_size_request (225, 90); # set a minimum size: (width,height) ; skin_xTunes #(pixmap, mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($drawable, $transparent_color, $filename) #($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm ($widget->window, undef, '/tmp/skin_xTunes.xpm'); ($pixmap, $pixmap_mask) = Gtk2::Gdk::Pixmap->create_from_xpm_d($widget->window, undef, @skin_xTunes); #my $pixmap_widget = Gtk2::Image->new_from_pixmap ($gdkpixmap, $mask); $window_cd_player->shape_combine_mask( $pixmap_mask, 0, 0 ) if not $window_cd_player->get_decorated; -- ###----------- add files to treeview --------------### sub sort_full_path_names{ my @array = @_; # For example: # $array[0] = '/tmp/teste/teste4/mus.mp3' # $array[1] = '/tmp/teste/teste2/teste4/mus.mp3' # $array[2] = '/tmp/mus.mp3' # First, sort this array in ascending order by number of '/' character. # Then, sort in case-insensitively mode. # sort case-insensitively : @articles = sort {uc($a) cmp uc($b)} @files; (see man perlfunc) # multiple comparisons in the routine and separate them with ||. # See Perl Cookbook, 2nd Edition. Chap. 4.16; 10.18 for help; #my $teste = '/tmp/teste/teste2/teste4/mus.mp3'; $teste =~ s/[^\/]//g; print "teste = $teste\n"; # output: teste = ///// # first compare the number of directory character '/'. sub compare_dir { (my $temp1 = $a) =~ s/[^\/]//g; # remove all character but '/' (my $temp2 = $b) =~ s/[^\/]//g; -- #This file 100% done All files 99% done # WaveGain Processing completed normally # No Title Gain adjustment or DC Offset correction required for file: # Error renaming '/tmp/wavegain.tmp' to '04.wav' (uh-oh) # Error processing GAIN for file - 04.wav #print "--> $_\n"; if ( $_ =~ /^\s+Applying Gain of ([-+]\d+[.,]\d+) dB to file:/ ){ $adjust = $1; } -- # leave room for WAV header (44 bytes) #seek WAV, 44, 0; #print "cdrom_rip = $cdrom_rip; value = $$addr[0]; addr = $addr; startframe = $startframe\n"; open WAV, ">/tmp/track${track}.wav" or die $!; binmode WAV; #print WAV $cdrom_rip; for (my $i=0;$i<2352;$i++){ print WAV $buf[$i]; } #syswrite(WAV, $buffer, 2352 );; fail golang-misc-1.15.15-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/golang/misc/arm/a: $ grep -A5 -B5 /tmp/ /usr/lib/golang/misc/arm/a fi } # adb does not correctly return the exit value of the executed program. use this # wrapper to manually extract the exit value rloc=/data/local/tmp/retval rsize=$(adb shell "ls -l $rloc"|tr -s ' '|cut -d' ' -f4) rcheck=38 if [ "$rsize" != "$rcheck" ]; then # echo "debug: retval size incorrect want $rcheck, got $rsize. uploading" echo >/tmp/adb.retval '#!/system/bin/sh "$@" echo RETVAL: $?' adb push /tmp/adb.retval $rloc >/dev/null 2>&1 adb shell chmod 755 $rloc fi # run the main binary if [ "-g" == "$1" ]; then adb forward tcp:$2 tcp:$2 args=$(echo $*| cut -d' ' -f4-) adb push $3 /data/local/tmp/$3 >/dev/null 2>&1 adb shell "$(exp GOARCH) $(exp GOTRACEBACK) $(exp GOGC) \ gdbserver :$2 /data/local/tmp/retval /data/local/tmp/$3 $args" \ 2>&1|tr -d '\r' |tee /tmp/adb.out|grep -v RETVAL else if [ "$*" != "$1" ]; then args=$(echo $*| cut -d' ' -f2-) fi adb push $1 /data/local/tmp/$1 >/dev/null 2>&1 adb shell "$(exp GOARCH) $(exp GOTRACEBACK) $(exp GOGC) \ /data/local/tmp/retval /data/local/tmp/$1 $args" \ 2>&1|tr -d '\r' |tee /tmp/adb.out|grep -v RETVAL fi exit $(grep RETVAL /tmp/adb.out|tr -d '\n\r'| cut -d' ' -f2); fail hunspell-utils-1.7.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/wordforms: $ grep -A5 -B5 /tmp/ /usr/bin/wordforms fx=0 case $1 in -s) fx=1; shift;; -p) fx=2; shift;; esac test -h /tmp/wordforms.aff && rm /tmp/wordforms.aff ln -s $PWD/$1 /tmp/wordforms.aff # prepared dic only with the query word echo 1 >/tmp/wordforms.dic grep "^$3/" $2 >>/tmp/wordforms.dic echo $3 | awk -v "fx=$fx" ' fx!=2 && FILENAME!="-" && /^SFX/ && NF > 4{split($4,a,"/");clen=($3=="0") ? 0 : length($3);sfx[a[1],clen]=a[1];sfxc[a[1],clen]=clen;next} fx!=1 && FILENAME!="-" && /^PFX/ && NF > 4{split($4,a,"/");clen=($3=="0") ? 0 : length($3);pfx[a[1],clen]=a[1];pfxc[a[1],clen]=clen;next} FILENAME=="-"{ wlen=length($1) -- for (j in pfx) {if (wlen<=pfxc[j]) continue; for(i in sfx){clen=sfxc[i];if (wlen<=clen || wlen <= (clen + pfxc[j]))continue; print (pfx[j]=="0" ? "" : pfx[j]) substr($1, pfxc[j]+1, wlen-clen-pfxc[j]) (sfx[i]=="0" ? "": sfx[i]) }} } } ' /tmp/wordforms.aff - | hunspell -d /tmp/wordforms -G -l; fail impose+-0.2-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/impose: $ grep -A5 -B5 /tmp/ /usr/bin/impose $ybot=30 unless $ybot; $pages=6 unless defined $pages; $rotdir="L" unless $rotdir; $filename = shift or do { $filename = "/tmp/$ENV{USER}-tmp.ps"; open(TMP, ">$filename"); while(<>) { print TMP; } close(TMP); $do_stdout++; $do_erase_tmp++; -- $_=; @oddbbox=split; $_=; @evenbbox=split; @oddbbox = @evenbbox unless @evenbbox; close(BB); } elsif ($lastbbox && -e "/tmp/bboxx-$ENV{USER}") { open(BB,"/tmp/bboxx-$ENV{USER}"); $_=; @oddbbox=split; $_=; @evenbbox=split; close(BB); # print "oddbbox = @oddbbox\n"; # print "evenbbox = @evenbbox\n"; -- } @evenbbox = @oddbbox if $noevenodd; # record the bboxx information open(BB, ">/tmp/bboxx-$ENV{USER}"); print BB "@oddbbox\n@evenbbox\n"; close(BB); # Do page calculations $oddwidth = $oddbbox[2]-$oddbbox[0];; fail installer-distro-alt-server-v-stage2-9.0.1-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/05-vm-profile: $ grep -A5 -B5 /tmp/ /usr/share/install2/initinstall.d/05-vm-profile #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } mem="$(sed -n '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB max_disk="$(sort -rn /sys/block/sda/size /sys/block/vda/size /sys/block/vdb/size | head -1)" # in 512-byte sectors # feel free to suggest better defaults; fail installer-distro-altlinux-server-stage2-7.0.2-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/install2/initinstall.d/05-vm-profile: $ grep -A5 -B5 /tmp/ /usr/share/install2/initinstall.d/05-vm-profile #!/bin/sh # see also http://www.altlinux.org/Autoinstall message() { echo "vm-profile: $*" >>/tmp/vm-profile.log; } mem="$(sed -n '/^MemTotal/s/[^0-9]//gp' /proc/meminfo)" # in kB max_disk="$(sort -rn /sys/block/sda/size | head -1)" # in 512-byte sectors # feel free to suggest better defaults; fail installer-scripts-remount-stage2-0.5.20-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/install2-remount-functions: $ grep -A5 -B5 /tmp/ /usr/sbin/install2-remount-functions start_mdraid && start_lvm && start_luks && mount_chroot && set_active \ ) >& /tmp/remount.log || return $? } # avoid automatic rpm shell.req dependency MULTIPATHD=/sbin/multipathd MDADM=/sbin/mdadm LVM=/sbin/lvm CRYPTSETUP=/sbin/cryptsetup CRYPTSETUP_KEY=/tmp/empty PUTFILE=/usr/share/make-initrd/tools/put-file BLKID="blkid -c /dev/null" # alterator-vm should leave LUKS containers # with initial empty password, see #28200 -- # for installer-feature-desktop-other-fs, see also #29005 save_blkid_state() { find /dev/mapper -type l \ | xargs -r $BLKID \ > /tmp/blkid.dm } populate_fstab() { [ ! -f /tmp/fstab ] || cat /tmp/fstab >> "$destdir/etc/fstab" } copy_chroot_binaries() { useputfile= if [ -x "$destdir$PUTFILE" ]; then useputfile='yes' binddir="$(mktemp -d "$destdir/tmp/copy_chroot_binaries.XXXXXXXXX")" workdir="${binddir#$destdir}" mount --bind / "$binddir" else echo "remount: file does not exist or is not available for execution: $destdir$PUTFILE" >&2 fi -- stop_mdraid() { # saving state is only important *after* evms if [ -f /proc/mdstat -a -x "$MDADM" ]; then "$MDADM" --examine --scan \ | grep '^ARRAY /dev/md[0-9/]' > /tmp/mdadm.conf "$MDADM" --stop --scan fi } start_mdraid() { if [ -s /tmp/mdadm.conf -a -x "$MDADM" ]; then # an arbitrary value of the year: packages installed already sysctl -w dev.raid.speed_limit_max=1000000 # chroot's mdadm.conf populated by 45-mdadm.sh "$MDADM" --assemble --run --scan --config=/tmp/mdadm.conf ||: fi } start_multipath() { if [ -x "$MULTIPATHD" ]; then -- done fi } mount_chroot() { # depends on /tmp/fstab just like 10-fstab.sh rootfs="$(awk '{ if ($2=="/") print $1 }' < /tmp/fstab)" case "$rootfs" in UUID=*) rootfs="`$BLKID -U ${rootfs#UUID=}`" ;; LABEL=*) -- echo "by ${UUID:+UUID=$UUID}${LABEL:+LABEL=$LABEL}" time $BLKID return 3 fi >&2 mountopts="$(grep "[[:space:]]/[[:space:]]" /tmp/fstab | awk '{ print $4 }')" mount -v "$rootfs" "$destdir" -o "$mountopts" || return 3 mount -v -o bind /dev "$destdir/dev" mount -v -t sysfs sysfs "$destdir/sys"; fail kismet-common-2014.02.R1-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/kismet-common-2014.02.R1/old/multi-gpsmap.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/kismet-common-2014.02.R1/old/multi-gpsmap.sh if [[ $lat != 0 ]]; then echo $lat cat > /dev/null break fi done > /tmp/mg$$ latitude=`cat /tmp/mg$$` bc -l << EOF > /tmp/mg$$ scale=3 c(($latitude etc usr 8 etc usr a(1))/360) EOF cos_lat=`cat /tmp/mg$$` rm /tmp/mg$$ awk '/gps-point/ { if ( $3 ~ "source.*" ) { print $6" "$7 } else { print $5" "$6 }}' < $1 | while read line; do eval $line echo $lat $lon done | awk -v cos_lat=$cos_lat -v scale=$scale 'BEGIN {olat=0}; fail linuxcnc-2.8.1-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl: $ grep -A5 -B5 /tmp/ /usr/lib64/tcl/linuxcnc/ngcgui_ttt.tcl #future: puts check:<$msg> #future: } #future: test ans here # hack follows: catch {set ans1 [eval exec $::ttt(exe) -? 2>/tmp/ttt.q]} catch {set ans2 [eval exec grep -c subdiv /tmp/ttt.q]} catch {file delete /tmp/ttt.q} if {[info exists ans2] && $ans2 == 1} { set ::ttt(msg) "::ttt::embedinit [_ "found truetype-tracer v4 -OK"]" return 1 } else { puts stderr "::ttt::embedinit:[_ "Note truetype-tracer v4 is required"]"; fail lua-module-luasocket-3.0rc1-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks/luasocket/3.0rc1-1/test/cgi/cat: $ grep -A5 -B5 /tmp/ /usr/lib/luarocks/rocks/luasocket/3.0rc1-1/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp; fail lz11-V2-1.2-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/lz11.stopjobs: $ grep -A5 -B5 /tmp/ /usr/bin/lz11.stopjobs if [ -z "${pids}" ] ; then exit 0 fi echo "${pids}" > /tmp/lz11.terminate waitcounts=30 echo echo echo "removing all active printer jobs for --$(whoami)-- " echo " etc usr with PIDS ${pids}" -- if [ ${nonefound} == 1 ] ; then i=${waitcounts} echo -n " STOPPED!" fi done rm -f /tmp/lz11.terminate echo if [ ${nonefound} = 0 ] ; then echo "The program could not stop the prints safely." echo "Just killing the print processes now!" echo Found error in /usr/bin/lz11.foomatic: $ grep -A5 -B5 /tmp/ /usr/bin/lz11.foomatic $debug = 1; local *ERR; if ($debug) { open(ERR,">>/tmp/lz11err"); print ERR "-----------\n"; print ERR "@ARGV\n"; } else { open(ERR, ">&STDERR"); } -- # ---------------------------------------------------------- # cZ11 command line # ---------------------------------------------------------- $cz11 = "cZ11-V2 $devicez11 $sizez11 $adjustz11"; if ( $cancel == 1 ) { $cz11 = "$cz11"." --terminate=/tmp/lz11.terminate"; } elsif ( $cancel ) { $cz11 = "$cz11"." --terminate-eject=/tmp/lz11.terminate"; } $cz11 = "$cz11"." 2>>/tmp/lz11err"; # ---------------------------------------------------------- # Do it! # ---------------------------------------------------------- $invokation = "$gs -q -dBATCH -dSAFER -dNOPAUSE $devicegs $ditherppi $resgs $sizegs -sOutputFile=- - | $cz11"; if ($debug) { print ERR "$invokation \n"; } system("$invokation"); system("chmod a+rw /tmp/lz11*"); close(ERR);; fail m2300w-0.51-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/m2300w-wrapper: $ grep -A5 -B5 /tmp/ /usr/bin/m2300w-wrapper # is heavy based on the Script from Rick's 'foo2zjs-wrapper' for the # Minolta Magiccolor 2300DL. # So i will leave his copyright on it. #********************************************************************* cat >> /tmp/m2300w.log <> /tmp/m2300w.log <>/tmp/m2300w.log) 3>&1 | tee /tmp/m2300w_gsout.pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee /tmp/m2300w.prn EOF $PREFILTER | ($GS $gsPaperCode $RES $GSDEV $GSOPT \ -sOutputFile="|cat 1>&3" $RENDERFILES - >>/tmp/m2300w.log) 3>&1 | tee_pbm | $DRIVER $DRIVER_DEBUG $M2300WUCR $SAVETONER $PAPERCODE $MEDIACODE \ -i - -o - $COLOR $RESCODESTR | tee_prn; fail make-initrd-colaboot-0.5-alt2.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot: $ grep -A5 -B5 /tmp/ /usr/share/make-initrd/features/colaboot/data/scripts/post/udev/colaboot REPLACEMENT=$(echo $ROOT |sed -r -e 's|(.*)/.*|\1|') elif echo $MACRO_NAME |grep -q "^DHCP_"; then # for this macro type we need to make sure first that network is up [ -z "$NETWORK_IS_UP" ] && network_init >&2 DHCP_OPT_NAME=$(echo $MACRO_NAME |sed -e 's/^DHCP_//') REPLACEMENT=$(get_mnf_param $DHCP_OPT_NAME /tmp/lease-info |sed -e "s/'//g") fi STR=$(echo $STR |sed -e "s|{.*}|$REPLACEMENT|") fi echo $STR } -- done } network_init() { if [ -s /tmp/lease-info ]; then # It seems network is already up NETWORK_IS_UP=1 return fi -- fi sleep .1 done if ip -o -4 addr list |grep -Fqv "inet 127.0.0.1"; then verbose "Save lease info into /tmp/lease-info" for lease in /var/lib/dhcpcd/*.lease; do iface=$(basename $lease |sed -e 's/dhcpcd-//' -e 's/\.lease$//') dhcpcd -4 -U $iface > /tmp/lease-info done NETWORK_IS_UP=1 else error "No assigned IP found. Network problem?" fi -- FORCE_CACHE_IMAGES=${clb_force_cache_images:-1} WAIT_DELAY=${ROOTDELAY:-180} verbose "CoLaBoot: root url=${ROOT}, clb_fs_size=${clb_fs_size}, clb_force_cache_images=${FORCE_CACHE_IMAGES}" RDISK=/tmp/clb-ramdisk CACHED_IMAGES=$RDISK/cached-images IMAGES_MPOINTS=$RDISK/mount-points IMG_FS_PATH=/tmp/images-fs # this location can be overrided for local HDD, NFS or iSCSI RW_LAYER_PATH=$IMAGES_MPOINTS mkdir -p $RDISK -- for MPOINT in $IMG_FS_PATH/*; do grep -q " $MPOINT " /proc/mounts && umount -l $MPOINT done [ -n "$NETWORK_IS_UP" -o -s /tmp/lease-info ] && network_down } # =========< start here >============= prepare; fail ndiswrapper-1.61-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/ndiswrapper-buginfo: $ grep -A5 -B5 /tmp/ /usr/sbin/ndiswrapper-buginfo # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA LOGFILE=`mktemp /tmp/ndiswrapper.XXXXXX` KVERS=`uname -r` log() { echo -e "$*" 2>&1 >> $LOGFILE -- log "kernel config missing" fi fi fi gzip -c $LOGFILE > /tmp/ndiswrapper-buginfo.gz echo "please attach /tmp/ndiswrapper-buginfo.gz to your bugreport!" \rm -f $LOGFILE; fail netdata-1.18.1-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/netdata/plugins.d/health-cmdapi-test.sh: $ grep -A5 -B5 /tmp/ /usr/lib/netdata/plugins.d/health-cmdapi-test.sh d['alarms']['system.cpu.10min_cpu_iowait']['silenced'], \ d['alarms']['system.load.load_trigger']['disabled'], \ d['alarms']['system.load.load_trigger']['silenced'], \ );" 2>&1) if [ $? -ne 0 ] ; then echo -e " ${RED}ERROR: Unexpected response stored in /tmp/resp-$number.json" echo "$resp" > /tmp/resp-$number.json err=$((err+1)) iter=0 elif [ "${r}" != "${2}" ] ; then echo -e " ${GRAY}WARNING: 'Got ${r}'. Expected '${2}'" iter=$((iter+1)); fail netinst-overlays-0.03-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/overlays-manage: $ grep -A5 -B5 /tmp/ /usr/bin/overlays-manage ExCmd() { # archive file local D D="`mktemp -d`" unsquashfs -d "$D/1" "$1" "$2" cat "$D/1/$2" find "$D" >> /tmp/log 2>&1 rm -rf "$D" } EXTMP= ADDHOSTS="" # what hosts want their hostkey on diskless DST="`logname`@`hostname`" # where to copy overlays; fail ocsinventory-agent-2.8.1-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/ocsinventory-agent: $ grep -A5 -B5 /tmp/ /usr/bin/ocsinventory-agent =item B<--stdout> Print the inventory on stdout. % ocsinventory-agent --stdout > /tmp/report.xml # prepare an inventory and write it in the /tmp/report.xml file. # A file will be created. =item B<--scan-homedirs> Authorized OCS to scan home directories to increase the Virtual Machine inventory.; fail otl-0.54-alt1.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/otlsub: $ grep -A5 -B5 /tmp/ /usr/bin/otlsub ################################### # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # -- write it to temp file unlink("/tmp/tmp.otl"); open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); # # $llength is length of linesout Found error in /usr/bin/otl: $ grep -A5 -B5 /tmp/ /usr/bin/otl #### # # need to rewrite and reread file so that \n's are now processed correctly # and each line ends up as a separate array element # -- write it to temp file open(FOUT, ">/tmp/tmp.otl"); flock(FOUT,2); print FOUT @linesout; close (FOUT); # now read it @linesout=(); open(INFO,"/tmp/tmp.otl"); @linesout=; close(INFO); $lineslength=@linesout; if ($debug); fail perl-Tapper-Cmd-5.0.10-alt1_1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh: $ grep -A5 -B5 /tmp/ /usr/share/perl5/auto/Tapper/Cmd/Init/hello-world/run-hello-world.sh start-tapper-daemon () { DAEMON=$1 if ps auxwww | grep -v grep | grep $DAEMON ; then kill $(ps auxwww | grep -v grep | grep $DAEMON | awk '{print $2}') fi $DAEMON > /tmp/$DAEMON-helloworld.log 2>&1 & } start-tapper-daemon tapper_reports_web_server.pl start-tapper-daemon tapper-reports-receiver start-tapper-daemon tapper-reports-api; fail phoronix-test-suite-10.4.0-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/tww2-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Total War WARHAMMER II" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tww2-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.3/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/twtk-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Three Kingdoms" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/twtk-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/thronesofbritannia-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Thrones of Britannia" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/tob-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.1.0/interim.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/shadowofthetombraider-1.0.0/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Shadow of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" > /tmp/sotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" if [ -f "$GAME_PREFS/preferences" ]; then rm "$GAME_PREFS/preferences" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.2/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/riseofthetombraider-1.0.1/pre.sh #!/bin/bash -e set -o xtrace exec > /tmp/test exec 2>&1 # Input settings WIDTH=$1 HEIGHT=$2 -- export HOME=$DEBUG_REAL_HOME GAME_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive/Rise of the Tomb Raider" # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/rotr-bkp-dt GAME_PREFS_BKP="${GAME_PREFS}.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.1/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}" Found error in /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh: $ grep -A5 -B5 /tmp/ /usr/share/phoronix-test-suite/ob-cache/test-profiles/pts/f12017-1.1.0/pre.sh #!/bin/bash set -o xtrace exec > /tmp/test exec 2>&1 export HOME=$DEBUG_REAL_HOME # Game identity FERAL_PREFS="$DEBUG_REAL_HOME/.local/share/feral-interactive" -- ;; esac # Set up (and back up) the game preferences files DATETIME=$( date +%Y-%d-%m-%H-%M ) echo "$DATETIME" >/tmp/f12017-bkp-dt GAME_PREFS_BKP="${FERAL_PREFS}/F1 2017.pts-$DATETIME-bkp" cp -r "$GAME_PREFS" "$GAME_PREFS_BKP" # clear previous runs rm -rf "${GAME_PREFS:?}"; fail pki-acme-10.10.6-alt1.c9f2.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/pki/acme/bin/pki-acme-run: $ grep -A5 -B5 /tmp/ /usr/share/pki/acme/bin/pki-acme-run [ -f /var/lib/tomcats/pki/conf/certs/ca_signing.key ] then echo "INFO: Importing CA Signing Certificate and Key" # generate random password openssl rand -hex 8 > /tmp/password # import PEM cert and key into PKCS #12 file openssl pkcs12 -export \ -in /var/lib/tomcats/pki/conf/certs/ca_signing.crt \ -inkey /var/lib/tomcats/pki/conf/certs/ca_signing.key \ -out /tmp/certs.p12 \ -name ca_signing \ -passout file:/tmp/password # import PKCS #12 file into NSS database pki -d /var/lib/tomcats/pki/conf/alias pkcs12-import \ --pkcs12 /tmp/certs.p12 \ --password-file /tmp/password # trust imported CA signing cert certutil -M -d /var/lib/tomcats/pki/conf/alias -n ca_signing -t CT,C,C rm /tmp/certs.p12 rm /tmp/password fi # import certs.p12 if available if [ -f /var/lib/tomcats/pki/conf/certs/certs.p12 ] then -- echo "INFO: Issuing Self-signed CA Signing Certificate" # generate CA signing CSR pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \ --subject "CN=CA Signing Certificate" \ --csr /tmp/ca_signing.csr # issue self-signed CA signing cert pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \ --csr /tmp/ca_signing.csr \ --ext /usr/share/pki/acme/issuer/nss/ca_signing.conf \ --months-valid 12 \ --cert /tmp/ca_signing.crt # import and trust CA signing cert into NSS database pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \ --cert /tmp/ca_signing.crt \ --trust CT,C,C \ ca_signing rm /tmp/ca_signing.crt rm /tmp/ca_signing.csr fi echo "INFO: CA Signing Certificate:" certutil -L -d /var/lib/tomcats/pki/conf/alias -n ca_signing -- echo "INFO: Issuing SSL Server Certificate" # generate SSL server CSR pki -d /var/lib/tomcats/pki/conf/alias nss-cert-request \ --subject "CN=$HOSTNAME" \ --csr /tmp/sslserver.csr # issue SSL server cert pki -d /var/lib/tomcats/pki/conf/alias nss-cert-issue \ --issuer ca_signing \ --csr /tmp/sslserver.csr \ --ext /usr/share/pki/acme/issuer/nss/sslserver.conf \ --cert /tmp/sslserver.crt # import SSL server cert into NSS database pki -d /var/lib/tomcats/pki/conf/alias nss-cert-import \ --cert /tmp/sslserver.crt \ sslserver rm /tmp/sslserver.crt rm /tmp/sslserver.csr fi echo "INFO: SSL Server Certificate:" certutil -L -d /var/lib/tomcats/pki/conf/alias -n sslserver; fail plan9-1.0-alt1.1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/plan9/bin/ps: $ grep -A5 -B5 /tmp/ /usr/lib/plan9/bin/ps then all=yes fi export all cat >/tmp/awk.xxx$$ <<'!' BEGIN{ state["D"] = "Spinwait"; state["I"] = "Idle"; state["J"] = "Jail"; state["R"] = "Ready"; -- ! case "${SYSNAME:-`uname`}" in SunOS) /bin/ps -aA -o 'user,pid,stime,time,rss,s,s,args' | sed 1d | nawk -f /tmp/awk.xxx$$ | sort -n +1 ;; *) /bin/ps -axww -o 'user,pid,start,time,rss,stat,wchan,command' | sed 1d | awk -f /tmp/awk.xxx$$ | sort -n +1 ;; esac rm -f /tmp/awk.xxx$$; fail plan9-man-1.0-alt1.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/plan9/bin/man: $ grep -A5 -B5 /tmp/ /usr/lib/plan9/bin/man MAN=manhtml b=`{echo $1 | sed 's/\.[0-9].*//'} if(test -f $b.html) web $b.html if not{ roff t $1 | troff2html >/tmp/man.$pid.$seq.html web /tmp/man.$pid.$seq.html seq=`{echo 1+$seq | hoc} } } #; fail pptpd-1.4.0-alt3.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/pptpd-1.4.0/tools/vpnuser: $ grep -A5 -B5 /tmp/ /usr/share/doc/pptpd-1.4.0/tools/vpnuser exit 1 fi ;; del) if [ "$(echo $2)" != "" ]; then grep -vw "$2" $config > /tmp/vpnblaat mv /tmp/vpnblaat $config chmod 600 $config else echo -e $ERROR exit 1 fi -- cat $config fi ;; domain) if [ "$(echo $2)" != "" ] & [ "$(echo $3)" != "" ]; then grep -vw "$2" $config > /tmp/vpnblaat DATA=`grep -w "$2" $config` mv /tmp/vpnblaat $config DOM=`echo $3 | tr a-z A-Z` dom=`echo $3 | tr A-Z a-z` echo "$DOM\\\\$DATA" >> $config echo "$dom\\\\$DATA" >> $config chmod 600 $config; fail pulseaudio-equalizer-2.7-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/pulseaudio-equalizer: $ grep -A5 -B5 /tmp/ /usr/bin/pulseaudio-equalizer if [ "$1" = "disable" -o "$1" = "enable" ]; then echo "-------------------------------------" echo "Current operation: disabling equalizer" echo "-------------------------------------" echo -n >/tmp/eqcommands.sh # Unload & reload stream-restore module echo "Unloading & reloading stream-restore module..." echo >>/tmp/eqcommands.sh "unload-module $(pacmd list | grep -B1 -m1 'name: ' | grep ' index: ' | sed 's/ index: //g')" echo >>/tmp/eqcommands.sh "load-module module-stream-restore" # Unload LADSPA sink module (if it is already loaded) echo "Unloading module-ladspa-sink..." echo >>/tmp/eqcommands.sh "unload-module $(pacmd list | grep -B1 -m1 'name: ' | grep ' index: ' | sed 's/ index: //g')" # Move active client sinks to ALSA sink echo "Moving active PulseAudio clients to ALSA sink ($PA_MASTER_SINK)..." echo >>/tmp/eqcommands.sh "$(pacmd "list-sink-inputs" | grep 'index: ' | sed 's/ index: /move-sink-input /g' | sed "s/$/ $PA_MASTER_SINK/g")" # Transfer current mute/sink volume to ALSA sink echo "Transferring current mute ($PA_CURRENT_MUTE) & volume ($PA_CURRENT_VOLUME%) to ALSA sink ($PA_MASTER_SINK)..." echo >>/tmp/eqcommands.sh "set-default-sink $PA_MASTER_SINK" echo >>/tmp/eqcommands.sh "set-sink-volume $PA_MASTER_SINK $PA_REAL_VOLUME" echo >>/tmp/eqcommands.sh "set-sink-mute $PA_MASTER_SINK $PA_CURRENT_MUTE" # Execute all queued commands (for potential speed benefit)... pacmd /dev/null fi if [ "$1" = "enable" ]; then echo "-------------------------------------" echo "Current operation: enabling equalizer" echo "-------------------------------------" echo -n >/tmp/eqcommands.sh # Unload & reload stream-restore module with restore_device option disabled (to ensure that previously cached per-client sinks are not used) echo "Unloading & reloading stream-restore module..." echo >>/tmp/eqcommands.sh "unload-module $(pacmd list | grep -B1 -m1 'name: ' | grep ' index: ' | sed 's/ index: //g')" echo >>/tmp/eqcommands.sh "load-module module-stream-restore restore_device=false" # Load LADSPA sink module echo "Loading module-ladspa-sink..." echo >>/tmp/eqcommands.sh "load-module module-ladspa-sink sink_name=$PA_LADSPA_SINK master=$PA_MASTER_SINK plugin=$PA_LADSPA_PLUGIN label=$PA_LADSPA_LABEL control=$PA_LADSPA_CONTROLS" # Transfer current sink mute/volume to LADSPA sink echo "Transferring current mute ($PA_CURRENT_MUTE) & volume ($PA_CURRENT_VOLUME%) to LADSPA sink ($PA_LADSPA_SINK)..." echo >>/tmp/eqcommands.sh "set-sink-volume $PA_LADSPA_SINK $PA_REAL_VOLUME" echo >>/tmp/eqcommands.sh "set-sink-mute $PA_LADSPA_SINK $PA_CURRENT_MUTE" # Unmute & set preamp level on ALSA sink (as LADSPA sink will act as primary volume control) echo "Setting ALSA sink ($PA_MASTER_SINK) preamp ("$PA_PREAMP"x)..." #echo >>/tmp/eqcommands.sh "set-sink-volume $PA_MASTER_SINK $PA_REAL_PREAMP" echo >>/tmp/eqcommands.sh "set-sink-mute $PA_MASTER_SINK 0" # Set the LADSPA sink as the default echo "Setting LADSPA sink ($PA_LADSPA_SINK) as default sink..." echo >>/tmp/eqcommands.sh "set-default-sink $PA_LADSPA_SINK" # Move currently active client sinks to LADSPA sink echo "Moving active PulseAudio clients to LADSPA sink ($PA_LADSPA_SINK)..." echo >>/tmp/eqcommands.sh "$(pacmd "list-sink-inputs" | grep 'index: ' | sed 's/ index: /move-sink-input /g' | sed "s/$/ $PA_LADSPA_SINK/g")" # Execute all queued commands (for potential speed benefit)... pacmd /dev/null fi if [ "$1" = "" -o "$1" = "-h" -o "$1" = "--help" ]; then echo -e "Usage: $SCRIPT_NAME [option]" echo -e "WARNING: This is for internal use by the pulseaudio-equalizer-gtk interface."; fail pyrpm-0.69-alt2.1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/pyrpmkickstart: $ grep -A5 -B5 /tmp/ /usr/bin/pyrpmkickstart return 1 source_dir = stage2_dir+"/mnt/source" target_dir = stage2_dir+"/mnt/sysimage" repos_dir = stage2_dir+"/mnt/repos" # nfs repo base directory cache_dir = stage2_dir+"/tmp/cache" # create mount points create_dir("", source_dir) create_dir("", target_dir) create_dir("", repos_dir) -- # create cache dir pyrpm.rpmconfig.cachedir = cache_dir # global logging create_dir(tempdir, "/tmp") log_filename = tempdir+"/tmp/pyrpmkickstart.log" log_file = pyrpm.logger.FileLog(log_filename) log.info1("Logging to '%s'.", log_filename) log.addInfoLogging("*", log_file, fmt="%(date)s %(label)s%(message)s") log.addDebugLogging("*", log_file, fmt="%(date)s %(label)s%(message)s") # set extra file logging -- del t # create temporary devices which are usable by grub (hda, hda1, ..) devmap = { } # device mapping for disk in hds: dev = "/tmp/%s" % disk copy_device(diskmap[disk]["device"], target_chroot, source_dir=stage2_dir, target=dev) devmap[diskmap[disk]["device"]] = dev for onpart in partitionmap: if partitionmap[onpart].has_key("raid"): pass elif partitionmap[onpart].has_key("volgroup"): # already done pass else: dev = "/tmp/%s%d" % (partitionmap[onpart]["disk"], partitionmap[onpart]["id"]) copy_device(partitionmap[onpart]["device"], target_chroot, source_dir=stage2_dir, target=dev) devmap[partitionmap[onpart]["device"]] = dev -- if not create_file(target_chroot, "/boot/grub/devices.map", content): return 1 # grub setup content = [ '/sbin/grub --batch >/tmp/grub-setup.log < The debug flag for agent (${OCF_RESKEY_binary}) instance. In the /tmp/ directory will be created rmq-* files for log some operations and ENV values inside OCF-script. AMQP server (${OCF_RESKEY_binary}) debug flag -- local rc=$OCF_ERR_GENERIC local LH="${LL} monitor:" ocf_log debug "${LH} action start." if [ "${OCF_RESKEY_debug}" = 'true' ] ; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-monitor.log env >> /tmp/rmq-monitor.log echo "$d [monitor] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi get_monitor rc=$? ocf_log debug "${LH} role: ${OCF_RESKEY_CRM_meta_role}" ocf_log debug "${LH} result: $rc" -- local LH="${LL} start:" local nowtime if [ "${OCF_RESKEY_debug}" = 'true' ] ; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-start.log env >> /tmp/rmq-start.log echo "$d [start] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_status -- local rc=$OCF_ERR_GENERIC local LH="${LL} stop:" if [ "${OCF_RESKEY_debug}" = 'true' ] ; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-stop.log env >> /tmp/rmq-stop.log echo "$d [stop] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." ocf_log info "${LH} Deleting master attribute" -- local LH="${LL} notify:" local nodelist if [ "${OCF_RESKEY_debug}" = 'true' ] ; then d=`date '+%Y%m%d %H:%M:%S'` echo $d >> /tmp/rmq-notify.log env >> /tmp/rmq-notify.log echo "$d [notify] ${OCF_RESKEY_CRM_meta_notify_type}-${OCF_RESKEY_CRM_meta_notify_operation} promote='${OCF_RESKEY_CRM_meta_notify_promote_uname}' demote='${OCF_RESKEY_CRM_meta_notify_demote_uname}' master='${OCF_RESKEY_CRM_meta_notify_master_uname}' slave='${OCF_RESKEY_CRM_meta_notify_slave_uname}' start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi if [ "${OCF_RESKEY_CRM_meta_notify_type}" = 'post' ] ; then # POST- anything notify section case "$OCF_RESKEY_CRM_meta_notify_operation" in -- local rc=$OCF_ERR_GENERIC local LH="${LL} promote:" if [ "${OCF_RESKEY_debug}" = 'true' ] ; then d=$(date '+%Y%m%d %H:%M:%S') echo $d >> /tmp/rmq-promote.log env >> /tmp/rmq-promote.log echo "$d [promote] start='${OCF_RESKEY_CRM_meta_notify_start_uname}' stop='${OCF_RESKEY_CRM_meta_notify_stop_uname}' active='${OCF_RESKEY_CRM_meta_notify_active_uname}' inactive='${OCF_RESKEY_CRM_meta_notify_inactive_uname}'" >> /tmp/rmq-ocf.log fi ocf_log info "${LH} action begin." get_monitor; fail rancid-2.3.8-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/rancid-2.3.8/getipacctg: $ grep -A5 -B5 /tmp/ /usr/share/doc/rancid-2.3.8/getipacctg # will display the top 25 for src or dst ip's within prefix # 192.168.0.0/24 # # Contributed to rancid by Steve Neighorn of SCN Reasearch. TMP="/tmp/ipacct.$$.prefixes" TMP2="/tmp/ipacct.$$.sorted" TMP3="/tmp/ipacct.$$.pl" if [ $# -eq 0 ] ; then echo "usage: getipacctg router_name [] [ [...]]" >&2 exit 1; fi trap 'rm -fr /tmp/ipacct.$$ $TMP $TMP2 $TMP3;' 1 2 15 clogin -c 'show ip accounting' $1 > /tmp/ipacct.$$ if [ $? -ne 0 ] ; then echo "clogin failed." >&2 exit 1 fi -- fi shift done 6>&- egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ +[0-9]+\.[0-9]+\.' /tmp/ipacct.$$ | \ sed -e 's/^ *//' -e 's/ etc/ usr/ var/ /g' -e 's/.$//' | \ awk '{print $4":"$0;}' | sort -nr | \ sed -e 's/^[^:]*://' > $TMP2 if [ -s $TMP ] ; then -- perl $TMP3 $TMP $TMP2 | $HEAD else $HEAD $TMP2 fi rm -fr /tmp/ipacct.$$ $TMP $TMP2 $TMP3 trap ';' 1 2 15 exit 0; fail ruby-libvirt-0.7.1-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gems/2.5.0/gems/ruby-libvirt-0.7.1/tests/test_storage.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gems/2.5.0/gems/ruby-libvirt-0.7.1/tests/test_storage.rb test.img 0 1 /tmp/rb-libvirt-test/test.img EOF new_storage_vol_xml_2 = < test2.img 0 5 /tmp/rb-libvirt-test/test2.img EOF # TESTGROUP: vol.pool -- expect_too_many_args(newpool, "delete", 1, 2) expect_invalid_arg_type(newpool, "delete", 'foo') expect_success(newpool, "no args", "delete") `mkdir -p /tmp/rb-libvirt-test` newpool.undefine `mkdir -p #{$POOL_PATH}` # TESTGROUP: pool.refresh; fail scanbuttond-0.2.3-alt4.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/scanbuttond/buttonpressed.sh: $ grep -A5 -B5 /tmp/ /etc/scanbuttond/buttonpressed.sh # $1 ... the button number # $2 ... the scanner's SANE device name, which comes in handy if there are two or # more scanners. In this case we can pass the device name to SANE programs # like scanimage. TMPFILE="/tmp/scan.tiff" LOCKFILE="/tmp/copy.lock" case $1 in 1) echo "button 1 has been pressed on $2" -- # echo "Error: Another scanning operation is currently in progress" # exit # fi # touch $LOCKFILE # rm -f $TMPFILE scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= gimp /tmp/image.pnm # tiff2ps -z -w 8.27 -h 11.69 $TMPFILE | lpr # rm -f $LOCKFILE # ;; 2) echo "button 2 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm lpr /tmp/image.pnm ;; 3) echo "button 3 has been pressed on $2" scanimage --device-name $2 -x 215 -y 297 1> /tmp/image.pnm A= evolution mailto:?attach=/tmp/image.pnm ;; 4) echo "button 4 has been pressed on $2" ;; esac; fail seafile-seahub-5.1.4-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/seafile-seahub/tests/seahubtests.sh: $ grep -A5 -B5 /tmp/ /usr/share/seafile-seahub/tests/seahubtests.sh # TODO: cache api token. echo "REST_FRAMEWORK = {'DEFAULT_THROTTLE_RATES': {'ping': '600/minute', 'anon': '5000/minute', 'user': '300/minute',},}" >> "${local_settings_py}" } function start_seahub() { $PYTHON ./manage.py runserver 1>/tmp/seahub.access.log 2>&1 & sleep 5 } function check_phantom_js() { if ! which phantomjs >/dev/null; then -- set +e py.test $nose_opts tests rvalue=$? if [[ ${TRAVIS} != "" ]]; then # On travis-ci, dump seahub logs when test finished for logfile in /tmp/seahub*.log; do echo -e "\nLog file $logfile:\n" cat "${logfile}" echo done fi Found error in /usr/share/seafile-seahub/tests/install-deps.sh: $ grep -A5 -B5 /tmp/ /usr/share/seafile-seahub/tests/install-deps.sh SEAHUB_SRCDIR=$(dirname "${SEAHUB_TESTSDIR}") cd "$SEAHUB_SRCDIR" # install phantomjs curl -L -o /tmp/phantomjs.tar.bz2 https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.7-linux-x86_64.tar.bz2 tar -C /tmp -xf /tmp/phantomjs.tar.bz2 sudo install -m 755 /tmp/phantomjs-1.9.7-linux-x86_64/bin/phantomjs /usr/bin/phantomjs sudo apt-get install nginx sudo mv /etc/nginx/sites-enabled/default /etc/nginx/default.backup cat <<'EOF' >/tmp/seafile.conf server { listen 80; server_name _ default_server; location /seafhttp { rewrite ^/fileserver(.*)$ $1 break; -- } } EOF sudo mv /tmp/seafile.conf /etc/nginx/sites-enabled/ sudo service nginx restart; fail select-kernel-0.99.2-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/sbin/select-kernel: $ grep -A5 -B5 /tmp/ /usr/sbin/select-kernel message() { printf %s\\n "$PROG: $*" >&2 } debug() { echo "$@" >> /tmp/$PROG.dbg } show_help() { cat << EOF -- yes= numeric= RELEASE=. FLAVOUR=. CACHE=/tmp/$PROG.$$ trap "rm -f $CACHE" EXIT SIGHUP SIGINT SIGQUIT SIGTERM while [ -n "$1" ]; do if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then show_help; fail sensorfw-contextfw-tests-0.7.2-alt3.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/sensorfw-contextfw-tests/testorientation-manual.sh: $ grep -A5 -B5 /tmp/ /usr/share/sensorfw-contextfw-tests/testorientation-manual.sh ## Contact: Tapio Rantala ## INPUT_DEV_NUM=`ls /sys/class/input/event0/device/name /sys/class/input/event1/device/name /sys/class/input/event2/device/name /sys/class/input/event3/device/name /sys/class/input/event4/device/name | xargs grep -i accelerometer | cut -c23` INPUT_DEV=/dev/input/event${INPUT_DEV_NUM} FIFO=/tmp/accelerometer echo "Faking input device $INPUT_DEV" if [ ! -e $FIFO ] ; then echo "Created $FIFO for testing" -- /sbin/service sensord stop > /dev/null 2>&1 sleep 2 killall sensord > /dev/null 2>&1 # Start sensord manually to load libsensorfakeopen.so env LD_PRELOAD=libsensorfakeopen.so /usr/sbin/sensord > /tmp/sensord.test.log 2>&1 & # If we don't input something to the FIFO sensord blocks indefinitely echo "" > $FIFO sleep 1 echo "" > $FIFO; fail texlive-collection-basic-2018-alt1_5.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/texmf-dist/scripts/shipunov/biokey2html.sh: $ grep -A5 -B5 /tmp/ /usr/share/texmf-dist/scripts/shipunov/biokey2html.sh #!/bin/bash export PATH=.:{$PATH} biokey2html1.pl $1 > $12 biokey2html2.pl $12 > /tmp/$1.$$ biokey2html3.pl /tmp/$1.$$ > $1.html #; fail tsung-1.7.0-alt2.qa1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/tsung-recorder: $ grep -A5 -B5 /tmp/ /usr/bin/tsung-recorder rm $PIDFILE fi } status() { PIDFILE="/tmp/tsung_recorder.pid" if [ -f $PIDFILE ]; then echo "Tsung recorder started [OK]" else echo "Tsung recorder not started " fi -- -tsung_recorder plugin ts_proxy_$RECORDER_PLUGIN \ -tsung_recorder proxy_log_file \"$MAIN_DIR/tsung_recorder.xml\" \ -tsung_recorder pgsql_server \"${PGSQL_SERVER_IP}\" \ -tsung_recorder pgsql_port ${PGSQL_SERVER_PORT} \ -tsung_recorder proxy_listen_port $LISTEN_PORT & echo $! > /tmp/tsung_recorder.pid } version() { echo "Tsung Recorder version $VERSION" exit 0 -- done shift $(($OPTIND - 1)) case $1 in start) PIDFILE="/tmp/tsung_recorder.pid" maindir logdir checkrunning start ;; record_tag) record_tag $* ;; stop) PIDFILE="/tmp/tsung_recorder.pid" stop ;; status) status ;;; fail vlc-mini-3.0.16-alt1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/vlc/utils/video-vlc-default.sh: $ grep -A5 -B5 /tmp/ /usr/share/vlc/utils/video-vlc-default.sh MIME_FILE=~/.local/share/applications/defaults.list if [ ! -f $MIME_FILE ] then echo "[Default Applications]" > $MIME_FILE else grep -v 'video/' $MIME_FILE > /tmp/vlc.defaults.list.tmp mv /tmp/vlc.defaults.list.tmp $MIME_FILE fi ls /usr/share/mime/video/* | sed -e 's@/usr/share/mime/@@' -e 's/\.xml/=vlc.desktop/' >> $MIME_FILE Found error in /usr/share/vlc/utils/audio-vlc-default.sh: $ grep -A5 -B5 /tmp/ /usr/share/vlc/utils/audio-vlc-default.sh MIME_FILE=~/.local/share/applications/defaults.list if [ ! -f $MIME_FILE ] then echo "[Default Applications]" > $MIME_FILE else grep -v 'audio/' $MIME_FILE > /tmp/vlc.defaults.list.tmp mv /tmp/vlc.defaults.list.tmp $MIME_FILE fi ls /usr/share/mime/audio/* | sed -e 's@/usr/share/mime/@@' -e 's/\.xml/=vlc.desktop/' >> $MIME_FILE; fail vzpbackup-1.6-alt1.git.5d1ff63f.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/vzpbackup.sh: $ grep -A5 -B5 /tmp/ /usr/bin/vzpbackup.sh # Check if the VE exists if grep -w "$CTID" <<< `$VZLIST_CMD -a -Hoctid` &> /dev/null; then if [ $COMPACT == 1 ]; then echo "Compacting CTID: $CTID" $VZCTL_CMD compact $CTID > /tmp/vzpbackup_compact_$CTID_$TIMESTAMP.log echo "Compact log file: /tmp/vzpbackup_compact_$CTID_$TIMESTAMP.log" fi echo "Backing up CTID: $CTID" ID=$(uuidgen); fail xenomai-cobalt-3.1-alt3.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/xenomai/cobalt/testsuite/dohell: $ grep -A5 -B5 /tmp/ /usr/lib/xenomai/cobalt/testsuite/dohell else echo netcat or nc not found exit 1 fi seq 1 399999 > /tmp/netcat.data ( while :; do cat /tmp/netcat.data; sleep 15; done | $nc $server $port ) & pids="$!" fi if [ -n "$mntpoint" ]; then while :; do dd if=/dev/zero of=$mntpoint/bigfile bs=1024000 count=100; sync; done &; info bash3-examples-3.2.57-alt4.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/bash3-3.2.57/examples/scripts/bcsh.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/scripts/bcsh.sh ;; esac trap ':' 2 trap exit 3 trap "tail -n $savehist $histfile>/tmp/hist$$;uniq /tmp/hist$$ > $histfile;\ rm -f /tmp/*$$;exit 0" 15 getcmd=yes mailcheck= exclaim= echoit= -- while test "$line" != "end"; do echo $n "$PS2$c" read line cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ ed - /tmp/bcsh$$ << ++++ s/end/done/ s/foreach[ ]$.*$(/for \1 in / s/)// s/;/;do / w -- line=done ;; esac cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ ;; if[\ \ ]*) while test "$line" != "fi" && test "$line" != "endif" do echo $n "$PS2$c" -- line=fi ;; esac cmd="${cmd};$line" done echo "$cmd" > /tmp/bcsh$$ case "`grep then /tmp/bcsh$$`" in "") # fix 'if foo bar' cases ed - /tmp/bcsh$$ << ++++ s/)/);then/ s/.*/;fi/ w ++++ ;; -- echo $n "$PS2$c" read line cmd="${cmd}@$line" done cmd="`echo \"$cmd\" | tr '@' ' '`" echo "$cmd" > /tmp/bcsh$$ ;; switch[\ \ ]*) while test "$line" != "endsw" do echo $n "$PS2$c" read line cmd="${cmd}@$line" done echo "$cmd" > /tmp/bcsh$$ ed - /tmp/bcsh$$ << '++++' 1,$s/@/\ /g g/switch.*(/s//case "/ s/)/" in/ 1,$s/case[ ]$.*$:$/;;\ -- g/breaksw/s/// 1,$s/default.*/;;\ *)/ w ++++ cmd="`cat /tmp/bcsh$$`" ;; *!*) hist=yes ;; esac -- echoit=yes getcmd=no continue ;; *~e) echo "$cmd" | sed -e "s@~e@@" > /tmp/bcsh$$ $EDITOR /tmp/bcsh$$ cmd="`cat /tmp/bcsh$$`" getcmd=no continue ;; *~v) echo "$cmd" | sed -e "s@~v@@" > /tmp/bcsh$$ echo "$lastcmd" > /tmp/bcsh$$ $VISUAL /tmp/bcsh$$ cmd="`cat /tmp/bcsh$$`" getcmd=no continue ;; exec[\ \ ]*) tail -n $savehist $histfile>/tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ ;; login[\ \ ]*|newgrp[\ \ ]*) tail -n $savehist $histfile>/tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ ;; logout|exit|bye) if test -s "$logoutfile" then # sh $logoutfile $SHELL $logoutfile fi tail -n $savehist $histfile > /tmp/hist$$ uniq /tmp/hist$$ > $histfile rm -f /tmp/*$$ exit 0 ;; h|history) grep -n . $histfile | tail -n $history | sed -e 's@:@ @' | $PAGER continue -- continue ;; source[\ \ ]*) set - $cmd shift echo . $* > /tmp/cmd$$ . /tmp/cmd$$ run=no ;; wait) wait run=no ;; .[\ \ ]*) echo $cmd > /tmp/cmd$$ . /tmp/cmd$$ run=no ;; cd|cd[\ \ ]*) # check if it will work first, or else this shell will terminate # if the cd dies. If you have a built-in test, you might want # to replace the try-it-and-see below with a couple of tests, # but it is probably just as fast like this. echo $cmd > /tmp/cmd$$ if ($SHELL /tmp/cmd$$) ; then . /tmp/cmd$$ fi run=no ;; awk[\ \ ]*|dd[\ \ ]*|cc[\ \ ]*|make[\ \ ]*) # these are the only commands I can think of whose syntax # includes an equals sign. Add others as you find them. echo "$cmd" > /tmp/bcsh$$ ;; setenv*|*=*) # handle setting shell variables, turning cshell syntax to Bourne # syntax -- note all variables must be exported or they will not # be usable in other commands echo "$cmd" > /tmp/cmd$$ ed - /tmp/cmd$$ << ++++ g/^setenv[ ]/s/[ ]/@/ g/^setenv@/s/[ ]/=/ g/^setenv@/s/// g/^set/s/// .t. \$s/=.*// s/^/export / w ++++ . /tmp/cmd$$ rm -f /tmp/cmd$$ run=no ;; unset[\ \ ]*|umask[\ \ ]*|export[\ \ ]*|set[\ \ ]*) # handle commands which twiddle current environment -- continue ;; esac ;; *) echo "$cmd" > /tmp/bcsh$$ ;; esac ;; no) echo "$cmd" > /tmp/bcsh$$ ;; esac ;; esac -- ;; *) case "$exclaim" in yes) cmd="`echo \"$cmd\" | sed -e 's@REALEXCLAMATIONMARK@!@g'`" echo "$cmd" > /tmp/bcsh$$ ;; esac case "$echoit" in yes) echo $cmd -- yes) case "${noclobber+yes}" in yes) case "$cmd" in *\>![\ \ ]*) ed - /tmp/bcsh$$ << ++++ g/>!/s//>/ w ++++ ;; *\>\>*) -- read answer case "$answer" in y*) ;; *) echo ':' > /tmp/bcsh$$ ;; esac ;; *) echo "${outfile}: file exists" echo ':' > /tmp/bcsh$$ ;; esac fi ;; esac -- esac ;; *) case "$cmd" in *\>![\ \ ]*) ed - /tmp/bcsh$$ << ++++ g/>!/s//>/g w ++++ ;; esac ;; esac (trap 'exit 1' 2 3; $BASH /tmp/bcsh$$) ;; esac case "$cmd" in $lastcmd) ;; Found error in /usr/share/doc/bash3-3.2.57/examples/misc/cshtobash: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/cshtobash # zsh-3.0. # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.? cshout cshin' 0 1 2 3 6 15 T=$'\t' SOURCE="${1:+source $1}" cat << EOF >cshin $SOURCE alias >! /tmp/cb$$.a setenv >! /tmp/cb$$.e set >! /tmp/cb$$.v EOF # give csh a minimal environment, similar to what login would provide /usr/bin/env - USER=$USER HOME=$HOME PATH=/usr/bin:/bin:/usr/ucb:. TERM=$TERM SHELL=$SHELL /bin/csh -i < ./cshin > cshout 2>&1 # First convert aliases cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- *) echo alias ${1}=\'$(echo "${2}" | sed "s:':'\\\\'':")\' ;; esac } EOF sed "s/^$[a-zA-Z0-9_]*$$T$.*$$/mkalias \1 '\2'/" < /tmp/cb$$.a >>/tmp/cb$$.1 echo '# csh aliases' echo $BASH /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g' -- # Would be nice to deal with embedded newlines, e.g. in TERMCAP, but ... sed -e '/^SHLVL/d' \ -e '/^PWD/d' \ -e "s/'/'"\\\\"''"/g \ -e "s/^$[A-Za-z0-9_]*=$/export \1'/" \ -e "s/$/'/" < /tmp/cb$$.e # Finally, convert local variables echo echo '# csh variables' echo -- sed -e 's/'"$T"'/=/' \ -e "s/'/'"\\\\"''"/g \ -e '/^[A-Za-z0-9_]*=[^(]/{ s/=/='"'/"' s/$/'"'/"' }' < /tmp/cb$$.v | sed -e '/^argv=/d' -e '/^cwd=/d' -e '/^filec=/d' -e '/^status=/d' \ -e '/^verbose=/d' \ -e '/^term=/d' \ -e '/^home=/d' \ -e '/^path=/d' \ -- # now some special csh variables converted to bash equivalents echo echo '# special csh variables converted to bash equivalents' echo sed -e 's/'"$T"'/=/' < /tmp/cb$$.v | grep "^cdpath=" | sed 's/(// s/ /:/g s/)// s/cdpath=/CDPATH=/' sed -e 's/'"$T"'/=/' < /tmp/cb$$.v | grep "^mail=" | sed 's/(// s/ /:/g s/)// s/mail=/MAILPATH=/' | Found error in /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.sh # usage: aliasconv.sh # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.?' 0 1 2 3 6 15 T=' ' cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- # the first thing we want to do is to protect single quotes in the alias, # since they whole thing is going to be surrounded by single quotes when # passed to mkalias sed -e "s:':\\'\\\'\\':" -e "s/^$[a-zA-Z0-9_-]*$$T$.*$$/mkalias \1 '\2'/" >>/tmp/cb$$.1 sh /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g' Found error in /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.bash: $ grep -A5 -B5 /tmp/ /usr/share/doc/bash3-3.2.57/examples/misc/aliasconv.bash # usage: aliasconv.bash # # Chet Ramey # chet@po.cwru.edu # trap 'rm -f /tmp/cb$$.?' 0 1 2 3 6 15 T=$'\t' cat << \EOF >/tmp/cb$$.1 mkalias () { case $2 in '') echo alias ${1}="''" ;; *[#\!]*) -- # the first thing we want to do is to protect single quotes in the alias, # since they whole thing is going to be surrounded by single quotes when # passed to mkalias sed -e "s:':\\'\\\'\\':" -e "s/^$[a-zA-Z0-9_-]*$$T$.*$$/mkalias \1 '\2'/" >>/tmp/cb$$.1 $BASH /tmp/cb$$.1 | sed -e 's/\$cwd/\$PWD/g' \ -e 's/\$term/\$TERM/g' \ -e 's/\$home/\$HOME/g' \ -e 's/\$user/\$USER/g' \ -e 's/\$prompt/\$PS1/g'; info clsync-0.4.2-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/clsync/examples/production/etc/clsync/synchandler/lxc/brother.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/clsync/examples/production/etc/clsync/synchandler/lxc/brother.sh # if mount | grep "$BROTHERMNT" > /dev/null; then if ping -w 1 -qc 5 -i 0.1 $BROTHERNAME > /dev/null; then #if [ ! -d "$TO" ]; then # mkdir -p "$TO" #fi exec rsync --password-file="/etc/rsyncd.pass" -aH --timeout=3600 --inplace --delete-before $STATICEXCLUDE "$excludefrom" --include-from="${LISTFILE}" --exclude='*' "$FROM"/ "$TO"/ 2>/tmp/clsync-rsync-"$LABEL"-brother.err else sleep $[ 3600 + $RANDOM % 1800 ] exit 128 fi # else Found error in /usr/share/doc/clsync/examples/production/etc/clsync/synchandler/lxc/backup.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/clsync/examples/production/etc/clsync/synchandler/lxc/backup.sh # if mount | grep "$BACKUPMNT" > /dev/null; then if ping -w 1 -qc 5 -i 0.1 $BACKUPHOST > /dev/null; then #if [ ! -d "$BACKUPDECR" ]; then # mkdir -p "$BACKUPDECR" #fi exec rsync --password-file="/etc/backup.pass" -aH --timeout=3600 --inplace --delete-before $STATICEXCLUDE "$excludefrom" --include-from="${LISTFILE}" --exclude='*' --backup --backup-dir="$BACKUPDECR"/ "$FROM"/ "$BACKUPMIRROR"/ 2>/tmp/clsync-rsync-"$LABEL"-backup.err else sleep $[ 3600 + $RANDOM % 1800 ] return 128 fi # else; info lbuscd-0.6-alt10.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /lib/udev/remove_fstab_entry: $ grep -A5 -B5 /tmp/ /lib/udev/remove_fstab_entry # remove_fstab_entry # place in /lib/udev devicename=$1 grep '^/dev/'${devicename}'[[:blank:]]' /tmp/fstab | while read DEV MOUNTDIR TYPE OPTIONS DUMP PASS; do MOUNTPOINT=`basename "${MOUNTDIR}"` echo "RemoveDevice|${MOUNTPOINT}" > /tmp/lbus.fifo umount -l ${DEV} 2>&1 >/dev/null rmdir ${MOUNTDIR} done grep -v '^/dev/'$devicename'[[:blank:]]' /tmp/fstab >/tmp/fstab.tmp cp -f /tmp/fstab.tmp /tmp/fstab rm /tmp/fstab.tmp Found error in /lib/udev/add_fstab_entry: $ grep -A5 -B5 /tmp/ /lib/udev/add_fstab_entry LABEL=$(echo ${ID_BUS}${ID_TYPE}-$devicename |tr " " "_") fi fi # make sure the root we mount to exists ROOT=/tmp/drives [ -d $ROOT ] || mkdir ${ROOT} # invent $MOUNTPOINT MOUNTPOINT=$ROOT/$LABEL [ -d $MOUNTPOINT ] || mkdir ${MOUNTPOINT} -- if [ "${IOCHARSET}" = "utf8" ]; then MOUNTOPTS="${MOUNTOPTS},utf8" else MOUNTOPTS="${MOUNTOPTS},iocharset=${IOCHARSET}" fi echo "/dev/$devicename ${MOUNTPOINT} udf,iso9660,cdfs ${MOUNTOPTS} 0 0" >> /tmp/fstab echo "AddCdromDrive|${LABEL}|/dev/${devicename}|${DESCRIPTION}" > /tmp/lbus.fifo else REMOVABLE=0 MOUNTOPTS="rw,noatime" if [ ${BASEDEV} = "fd" ]; then DESCRIPTION="Floppy" -- fuse.ntfs|ntfs-3g) MOUNTOPTS="${MOUNTOPTS},silent,umask=000,locale=en_US.UTF-8" ;; esac fi echo "/dev/$devicename ${MOUNTPOINT} ${fstype} ${MOUNTOPTS} 0 0" >> /tmp/fstab echo "AddBlockDevice|${LABEL}|/dev/${devicename}|${REMOVABLE}|${SIZE}|${DESCRIPTION}" > /tmp/lbus.fifo fi; info menu-2.1.41-alt22.qa1.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/menu-2.1.41/examples/cat: $ grep -A5 -B5 /tmp/ /usr/share/doc/menu-2.1.41/examples/cat #!/bin/sh cat > /tmp/menu-stdin exit 0 #In the good old days of menu-0 compatibility, one had to use: -- # #This file can be very usefull when you want to run one particular # #menu-method file several times, without running any of the others. # #In order to do so, do: # # - cp ./cat /etc/menu-methods/ # # - run update-menus so that the "cat" menu-method gets executed. # # Now you've got /tmp/menu-stdin. # # - With this file, you don't need update-menus at all any more, and you # # can symply run your hand-written "menu-test" menu-method by typing: # # ./menu-test < /tmp/menu-stdin # # # # The advantage of doing this is # # - none of the other menu-method files get excecuted (speedup) # # - update-menus doesn't need to open some hundred menu-entry files # # every time you test a change in your menu-method file. # # (speedup) # compat="menu-1" # command="cat > /tmp/menu-stdin"; info python-module-dialog-3.4.0-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/python-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py: $ grep -A5 -B5 /tmp/ /usr/share/doc/python-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \ Found error in /usr/share/doc/python-module-dialog-3.4.0/examples/demo.py: $ grep -A5 -B5 /tmp/ /usr/share/doc/python-module-dialog-3.4.0/examples/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \; info python-module-pyinotify-examples-0.9.6-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/pyinotify/transient_file.sh: $ grep -A5 -B5 /tmp/ /usr/share/pyinotify/transient_file.sh #!/bin/bash for a in 1 2 3 4 5 6 7 8 9 10 do touch /tmp/test1234; echo -ne "42" > /tmp/test1234; rm -f /tmp/test1234; done; info python3-module-dialog-3.4.0-alt1.noarch The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py: $ grep -A5 -B5 /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/with-autowidgetsize/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \ Found error in /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py: $ grep -A5 -B5 /tmp/ /usr/share/doc/python3-module-dialog-3.4.0/examples/demo.py easily append data. With the {widget} widget, you can see the data stream \ flow in real time. To create a FIFO, you can use the commmand mkfifo(1), like this: % mkfifo /tmp/my_shiny_new_fifo Then, you can cat(1) data to the FIFO like this: % cat >>/tmp/my_shiny_new_fifo First line of text Second line of text ... You can end the input to cat(1) by typing Ctrl-D at the beginning of a \; info tcl-httpd-manual-3.5.1-alt1.qa2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/tcl-httpd-3.5.1/htdocs/cgi-bin/wiki.cgi: $ grep -A5 -B5 /tmp/ /usr/share/doc/tcl-httpd-3.5.1/htdocs/cgi-bin/wiki.cgi cd ~welch/kit WIKIT_BASE=http://medlicott.panasas.com:8015/wiki export WIKIT_BASE echo $SCRIPT_NAME > /tmp/wiki.log echo HTTP/1.0 200 ok if [ ! -f /usr10/home/welch/kit/tclkit-linux-i686 ]; then echo "wiki.cgi not configured"; info zfs-utils-0.8.4-alt2.x86_64 The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/zfs-utils-0.8.4/examples/zpool_get_005_pos.ksh: $ grep -A5 -B5 /tmp/ /usr/share/doc/zfs-utils-0.8.4/examples/zpool_get_005_pos.ksh typeset -i i=0 while [[ $i -lt "${#properties[@]}" ]]; do log_note "Checking for parsable ${properties[$i]} property" log_must eval "zpool get -p ${properties[$i]} $TESTPOOL >/tmp/value.$$" grep "${properties[$i]}" /tmp/value.$$ >/dev/null 2>&1 if [[ $? -ne 0 ]]; then log_fail "${properties[$i]} not seen in output" fi typeset v=$(grep "${properties[$i]}" /tmp/value.$$ | awk '{print $3}') log_note "${properties[$i]} has a value of $v" # Determine if this value is a valid number, result in return code log_must test -n "$v" -- fi i=$(( $i + 1 )) done rm /tmp/value.$$ log_pass "Zpool get returns parsable values for all known parsable properties" Found error in /usr/share/doc/zfs-utils-0.8.4/examples/xattr_004_pos.ksh: $ grep -A5 -B5 /tmp/ /usr/share/doc/zfs-utils-0.8.4/examples/xattr_004_pos.ksh # we need to be able to create zvols to hold our test ufs|ext filesystem. verify_runnable "global" # Make sure we clean up properly function cleanup { if ismounted /tmp/$NEWFS_DEFAULT_FS.$$ $NEWFS_DEFAULT_FS; then log_must umount /tmp/$NEWFS_DEFAULT_FS.$$ log_must rm -rf /tmp/$NEWFS_DEFAULT_FS.$$ fi } log_assert "Files from $NEWFS_DEFAULT_FS,tmpfs with xattrs copied to zfs retain xattr info." log_onexit cleanup -- # Create a ufs|ext file system that we can work in log_must zfs create -V128m $TESTPOOL/$TESTFS/zvol block_device_wait log_must eval "echo y | newfs $ZVOL_DEVDIR/$TESTPOOL/$TESTFS/zvol > /dev/null 2>&1" log_must mkdir /tmp/$NEWFS_DEFAULT_FS.$$ if is_linux; then log_must mount -o user_xattr \ $ZVOL_DEVDIR/$TESTPOOL/$TESTFS/zvol /tmp/$NEWFS_DEFAULT_FS.$$ # Create files in ext and tmpfs, and set some xattrs on them. # Use small values for xattrs for ext compatibility. log_must touch /tmp/$NEWFS_DEFAULT_FS.$$/$NEWFS_DEFAULT_FS-file.$$ log_must touch /tmp/tmpfs-file.$$ echo "TEST XATTR" >/tmp/xattr1 echo "1234567890" >/tmp/xattr2 log_must attr -q -s xattr1 \ /tmp/$NEWFS_DEFAULT_FS.$$/$NEWFS_DEFAULT_FS-file.$$ /tmp/xattr1.$$" log_must diff /tmp/xattr1.$$ /tmp/xattr1 log_must eval "attr -q -g xattr2 $TESTDIR/tmpfs-file.$$ >/tmp/xattr2.$$" log_must diff /tmp/xattr2.$$ /tmp/xattr2 log_must rm /tmp/xattr1 /tmp/xattr1.$$ /tmp/xattr2 /tmp/xattr2.$$ log_must umount /tmp/$NEWFS_DEFAULT_FS.$$ else log_must mount $ZVOL_DEVDIR/$TESTPOOL/$TESTFS/zvol \ /tmp/$NEWFS_DEFAULT_FS.$$ # Create files in ufs and tmpfs, and set some xattrs on them. log_must touch /tmp/$NEWFS_DEFAULT_FS.$$/$NEWFS_DEFAULT_FS-file.$$ log_must touch /tmp/tmpfs-file.$$ log_must runat /tmp/$NEWFS_DEFAULT_FS.$$/$NEWFS_DEFAULT_FS-file.$$ \ cp /etc/passwd . log_must runat /tmp/tmpfs-file.$$ cp /etc/group . # copy those files to ZFS log_must cp -@ /tmp/$NEWFS_DEFAULT_FS.$$/$NEWFS_DEFAULT_FS-file.$$ \ $TESTDIR log_must cp -@ /tmp/tmpfs-file.$$ $TESTDIR # ensure the xattr information has been copied correctly log_must runat $TESTDIR/$NEWFS_DEFAULT_FS-file.$$ \ diff passwd /etc/passwd log_must runat $TESTDIR/tmpfs-file.$$ diff group /etc/group log_must umount /tmp/$NEWFS_DEFAULT_FS.$$ fi log_pass "Files from $NEWFS_DEFAULT_FS,tmpfs with xattrs copied to zfs retain xattr info." Found error in /usr/share/doc/zfs-utils-0.8.4/examples/xattr_003_neg.ksh: $ grep -A5 -B5 /tmp/ /usr/share/doc/zfs-utils-0.8.4/examples/xattr_003_neg.ksh create_xattr $TESTDIR/myfile.$$ passwd /etc/passwd log_must chmod 000 $TESTDIR/myfile.$$ if is_linux; then user_run $ZFS_USER eval \ "attr -q -g passwd $TESTDIR/myfile.$$ >/tmp/passwd.$$" log_mustnot diff /etc/passwd /tmp/passwd.$$ log_must rm /tmp/passwd.$$ user_run $ZFS_USER eval \ "attr -q -s passwd $TESTDIR/myfile.$$ /tmp/passwd.$$ log_must diff /etc/passwd /tmp/passwd.$$ log_must rm /tmp/passwd.$$ else log_mustnot su $ZFS_USER -c "runat $TESTDIR/myfile.$$ cat passwd" log_mustnot su $ZFS_USER -c "runat $TESTDIR/myfile.$$ cp /etc/passwd ." fi;