lintian warnings (help)

To: debian-mentors@lists.debian.org
Subject: lintian warnings (help)
From: Turbo Fredriksson <turbo@tripnet.se>
Date: 13 Apr 1998 02:32:26 +0200
Message-id: <[🔎] m0sonio92d.fsf@stalin.ccw.se>

Hi... I'm just trying to build my latest version
of my TCPQuota, but lintian complains...

----- s n i p p -----
[papadoc]$ lintian -i tcpquota_1.6.13-3_all.deb
W: tcpquota: possibly-insecure-handling-of-tmp-files-in-maintainer-script postinst:66
N:
N:   The maintainer script seems to access a file in /tmp or some other
N:   temporary directory. Since creating temporary files in a
N:   world-writable directory is very dangerous, this is likely to be a
N:   security bug. It's suggested that you use the tempfile or mktemp
N:   utilities to create temporary files in these directories.
N:   
N:   If this is just a misinterpretation of some code in your maintainer
N:   script, please contact schwarz@monet.m.isar.de about this so that this
N:   error gets included in the overrides file for Lintian. (With that,
N:   Lintian will ignore this bug in the future.)
N:   
N:   Have a look at Policy Manual, section 3.3.4 for details.
N:
----- s n i p p -----

This is the line in the postinst:

----- s n i p p -----
TMP_FILE=`mktemp -q /tmp/$0.XXXXXX`
if [ $? -ne 0 ]; then
    echo "$0: Can't create temp file, exiting..."
    exit 1
fi
----- s n i p p -----

What have I missed? (This is _EXACLY_ as it says in the 'mktemp' manual
page!!!)

-- 
-------------------------------------------------------------------------------
 Turbo  ___________     Debian GNU/Linux   Unix _IS_ user friendly - it's just
 ^^^^^  ___  /___(_)__________  _____  __  selective about who its friends are
        __  / __  /__  __ \  / / /_  |/_/
  _ /// _  /___  / _  / / / /_/ /__>  <   Turbo Fredriksson Tel: +46-704-697645
  \\\/  /_____/_/  /_/ /_/\__,_/ /_/|_|   S-415 10 Göteborg    turbo@tripnet.se
                  PGP#788CD1A9            SWEDEN         www5.tripnet.se/~turbo
----------- PGP:  B7 92 93 0E 06 94 D6 22  98 1F 0B 5B FE 33 A1 0B ------------
--
Serbian Peking quiche KGB SEAL Team 6 counter-intelligence FSF colonel
munitions Rule Psix smuggle Saddam Hussein security Khaddafi [Hello to
all my fans in domestic surveillance]


--
To UNSUBSCRIBE, email to debian-mentors-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: lintian warnings (help)
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: Need advice on Bug#19020: mysql dev libraries are in the wrong place
Next by Date: Where is the order of versions specified?
Previous by thread: Re: TEI-lite copyright -- no modifications
Next by thread: Re: lintian warnings (help)
Index(es):
- Date
- Thread