Bug#344998: lintian: bogus warning about insecure tmpfile handling
Package: lintian
Version: 1.23.8
Severity: normal
W: tetex-bin: possibly-insecure-handling-of-tmp-files-in-maintainer-script postinst:28
This line reads:
: ${MKTMPDIR:=/tmp}
and in fact the variable MKTMPDIR is only used in invocations of mktemp
with option -p.
Maybe we should change the code to something like
: ${MKTMPDIR:=$TMPDIR}
: ${MKTMPDIR:=/tmp}
but the current code is *not* insecure.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Versions of packages lintian depends on:
ii binutils 2.15-6 The GNU assembler, linker and bina
ii diffstat 1.39-1 produces graph of changes introduc
ii file 4.12-1 Determines file type using "magic"
ii gettext 0.14.4-2 GNU Internationalization utilities
ii intltool-debian 0.30+20040213 Help i18n of RFC822 compliant conf
ii man-db 2.4.2-21 The on-line manual pager
ii perl [libdigest-md5-perl] 5.8.4-8 Larry Wall's Practical Extraction
-- no debconf information
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: