Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"

To: Jakub Wilk <jwilk@debian.org>
Cc: 801483@bugs.debian.org
Subject: Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
From: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Date: Sun, 18 Oct 2015 21:42:39 +0000
Message-id: <[🔎] 20151018214239.GA13689@rhi.hi.is>
Reply-to: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>, 801483@bugs.debian.org
In-reply-to: <[🔎] 20151014131442.GA769@jwilk.net>
References: <[🔎] 20151011015212.GA17464@rhi.hi.is> <[🔎] 20151014131442.GA769@jwilk.net>

On Wed, Oct 14, 2015 at 03:14:43PM +0200, Jakub Wilk wrote:
> * Bjarni Ingi Gislason <bjarniig@rhi.hi.is>, 2015-10-11, 01:52:
> >  * What outcome did you expect instead?
> >
> > That the environmental variable "TMPDIR" retains its value.
> 
> Lintian sanitizes environment when calling external programs. (See
> the clean_env function in lib/Lintian/Util.pm). It only keeps PATH
> and sets LC_ALL to C or C.UTF-8.
> 
> We could certainly add TMPDIR to the whitelist.
> 

  That should be done.. "clean_env" is (now) only used in
"po_debconf.pm" and "manpages.pm" in the ".../checks" directory.

  "lintian" uses it in some of its files.  It can be set for these uses
in the file "/etc/lintianrc", if it is not already defined.

  In directory "/usr/share/lintian":

checks/po-debconf.pm:          = File::Temp->newdir('lintian-po-debconf-XXXXXX',TMPDIR => 1);
checks/scripts.pm:            if (    m,[^\w](?:(?:/var)?/tmp|\$TMPDIR)/[^)\]}\s],
commands/reporting-lintian-harness.pm:        $ENV{'TMPDIR'} = $OPT{'lintian-scratch-space'};
commands/reporting-lintian-harness.pm:        log_msg("Setting TMPDIR to $ENV{'TMPDIR'}");
commands/reporting-lintian-harness.pm:        log_msg('Leaving TMPDIR unset (no --lintian-scratch-space');
lib/Test/Lintian/Harness.pm:    my ($test_fd, $test_file) = tempfile('bd-test-XXXXXXXXX', TMPDIR => 1);

  In "/usr/bin/lintian":

      TMPDIR
$ENV{'TMPDIR'} = $opt{'TMPDIR'} if defined($opt{'TMPDIR'});

  In "/etc/lintianrc":

#TMPDIR="/var/tmp"

> But why is this a problem in practice? Does man, or any other
> external command Lintian calls, create temporary files?
> 

N.B. Better is to put each question on a separate line.

a)   It is only a problem, if an undefined "TMPDIR" causes problems.

  It is a deficiency, if an user wants external commands to put their
temporary files in a directory of his choice, if these commands (will)
provide for it.  It is also not (more) future proof.

b)

  I don't know about "/usr/bin/man", and yes (my script at least).  The
commands could do it in the future.

-- 
Bjarni I. Gislason

Reply to:

Follow-Ups:
- Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
  - From: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>

References:
- Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
  - From: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
- Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
  - From: Jakub Wilk <jwilk@debian.org>

Prev by Date: Bug#799861: false positive in "source-is-missing" when dealing with .js
Next by Date: Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
Previous by thread: Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
Next by thread: Bug#801483: The environmental variable 'TMPDIR' is made unset by "lintian"
Index(es):
- Date
- Thread