Diffstat (limited to 'tags/p/possibly-insecure-handling-of-tmp-files-in-maintainer-script.tag')
-rw-r--r-- tags/p/possibly-insecure-handling-of-tmp-files-in-maintainer-script.tag | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/tags/p/possibly-insecure-handling-of-tmp-files-in-maintainer-script.tag b/tags/p/possibly-insecure-handling-of-tmp-files-in-maintainer-script.tag
new file mode 100644
index 0000000..17a7fb7
--- /dev/null
+++ b/tags/p/possibly-insecure-handling-of-tmp-files-in-maintainer-script.tag
@@ -0,0 +1,12 @@
+Tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script
+Severity: warning
+Check: maintainer-scripts/temporary-files
+Explanation: The named maintainer script appears to access a file or a directory in
+ <code>/tmp</code> or a similar folder for temporary data. Working directly in such
+ folders, which are usually world-writable, can easily lead to serious security or
+ privacy bugs.
+ .
+ Please consider using the <code>mktemp</code> utility from the <code>coreutils</code>
+ package when creating temporary files or directories.
+See-Also:
+ debian-policy 10.4
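Review bot: The Explanation paragraph ends at "can easily lead to serious security or privacy bugs" without naming the failure mode, so a maintainer who gets this warning cannot judge whether their script is actually affected. Suggest stating it directly: maintainer scripts run as root, and a fixed or predictable name in a world-writable directory lets another local user create that path, or a symlink at that path, before the script touches it. "or a similar folder" is also open-ended; listing the directories the check matches would make the tag easier to act on. Since the tag covers both files and directories, the mktemp paragraph could mention mktemp -d for the directory case and removing the temporary path when the script exits.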