Lintian Reports_BETA

possibly-insecure-handling-of-tmp-files-in-maintainer-script

The maintainer script seems to access a file in /tmp or some other temporary directory. Since creating temporary files in a world-writable directory is very dangerous, this is likely to be a security bug. Use the tempfile or mktemp utilities to create temporary files in these directories.

For more information please consult:

Debian Policy Manual section 10.4

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.108.0 release tag in our Git repository.

You can find the detection logic for this version at commit a1e47cb. For merge requests, please use the latest version in the Lintian check scripts.

Visibility: warning

The following 13 source packages in the archive triggered the tag 27 times (in any Lintian version).

There were no overrides.

b43-fwcutter

/tmp [postinst:57]
/tmp [postinst:64]

bandwidthd

$TMPDIR/bandwidthd.conf [postinst:57]
$TMPDIR/bandwidthd.conf [postinst:82]
$TMPDIR/pgpass [postinst:125]

debian-edu-config

$TMPDIR/all.ldif [postinst:153]
$TMPDIR/all.ldif [postinst:158]
$TMPDIR/all.ldif [postinst:160]

debian-security-support

/tmp [postinst:43]

designate

/tmp [postinst:1189]

ecryptfs-utils

/tmp [postinst:13]
/tmp [postinst:14]
/tmp [postinst:16]

nova

/var/tmp [prerm:9]
/var/tmp [prerm:17]

ntopng

/var/tmp [postinst:9]

nvi

/var/tmp [postinst:16]
/var/tmp [postinst:17]
/var/tmp [postinst:21]
/var/tmp [postinst:22]
/var/tmp [postrm:5]
/var/tmp [postrm:6]

squeak-vm

/tmp [postinst:24]

wims-lti

/var/tmp [postrm:38]

xymon

/tmp [preinst:46]
/tmp [preinst:47]

zemberek-server

/tmp [postinst:14]