The following commit has been merged in the master branch:
commit 81451d824cfc64614e10ac70d96b255e2861618d
Author: Raphael Geissert <[EMAIL PROTECTED]>
Date:   Fri Aug 22 15:03:06 2008 -0500

    Improve check for possibly insecure /tmp files
    
    * checks/scripts:
      + [RA] Improve the check for possibly insecure /tmp files to check
        variable assignment as well and reduce false positives by ignoring
        uses with $RANDOM or without a filename.  Based on a patch from
        Raphael Geissert.

diff --git a/checks/scripts b/checks/scripts
index 101f04b..df546f9 100644
--- a/checks/scripts
+++ b/checks/scripts
@@ -490,7 +490,7 @@ while (<SCRIPTS>) {
            $has_code = 1;
        }
 
-       if (m,[^\w=](/var)?/tmp\b, and not m/\bmktemp\b/ and not 
m/\btempfile\b/ and not m/\bmkdir\b/ and not m/\bmkstemp\b/) {
+       if (m,[^\w]((/var)?/tmp|\$TMPDIR)/[^)\]}\s], and not m/\bmks?temp\b/ 
and not m/\btempfile\b/ and not m/\bmkdir\b/ and not m/\$RANDOM/) {
            tag "possibly-insecure-handling-of-tmp-files-in-maintainer-script", 
"$file:$."
                unless $warned{tmp};
            $warned{tmp} = 1;
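Review bot: The new `and not m/\$RANDOM/` clause at the end of the condition silences the tag for every line that mentions `$RANDOM`, yet a /tmp name built from `$RANDOM` is still guessable (bash yields only 0 to 32767), so these are lines the tag exists to catch. I would drop that exclusion, or emit a separate lower-certainty tag instead of staying silent. Also in the new match, `\$TMPDIR` only covers the unbraced form, so `${TMPDIR}/foo` and `${TMPDIR:-/tmp}/foo` go unflagged; allowing optional braces and the `:-/tmp}` default would close that gap. Note too that the exclusions apply to the whole line, so a `mkdir` or `mktemp` anywhere on it hides an unrelated /tmp write on the same line.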
diff --git a/debian/changelog b/debian/changelog
index 27e2da7..9f164f6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,10 @@ lintian (1.25.0) unstable; urgency=low
       very few cases where this would produce false negatives
       but there are reported false positives for the current
       expressions.
+    + [RA] Improve the check for possibly insecure /tmp files to check
+      variable assignment as well and reduce false positives by ignoring
+      uses with $RANDOM or without a filename.  Based on a patch from
+      Raphael Geissert.
 
   * frontend/lintian:
     + [RA] Ensure we close the pipe to lintian-info before exiting, since
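Review bot: The added changelog entry is missing two behaviour changes made in checks/scripts: paths under `$TMPDIR/` are now matched in addition to /tmp and /var/tmp, and `mkstemp` is folded into `m/\bmks?temp\b/`. I would name the `$TMPDIR` case in the entry, since it widens what the tag reports and maintainers reading the changelog will otherwise not expect new hits from it.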

-- 
Debian package checker

