Группа :: Система/Настройка/Прочее
Пакет: alterator-deploy
навигация по пакетам
| id пакета | статус | тест | сообщение |
|---|---|---|---|
| alterator-deploy-0.1.0-alt1.x86_64 |
 fail | unsafe-tmp-usage-in-scripts | The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/deploy: $ grep /tmp/ /usr/lib/alterator/backend3/deploy ;; esac ;; write) case "${in__objects##*/}" in set) echo "Role: ${in_role:?}" >> /tmp/out echo "Parameter: ${in_parameter:?}" >> /tmp/out echo "Value: ${in_value:?}" >> /tmp/out set_param... [the rest of the message is skipped] |
| alterator-deploy-0.1.0-alt1.x86_64 |
 ok | checkbashisms | |
| alterator-deploy-0.1.0-alt1.x86_64 |
ok | sisyphus_check | |
| alterator-deploy-0.1.0-alt1.x86_64 |
ok | buildroot |