Lintian tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script

Type: warning

Description (from lintian-explain-tags)

The named maintainer script appears to access a file or a directory in
/tmp or a similar folder for temporary data. Working directly in such
folders, which are usually world-writable, can easily lead to serious
security or privacy bugs.

Please consider using the mktemp utility from the coreutils package when
creating temporary files or directories.

Please refer to Scripts (Section 10.4) in the Debian Policy Manual for
details.

Visibility: warning
Show-Always: no
Check: maintainer-scripts/temporary-files

Affected packages

source version binary tag type tag information count
aide 0.18.8-1 aide-common/0.18.8-1 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:46] 1
aide 0.19~dev20240708-1 aide-common/0.19~dev20240708-1 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:46] 1
bcron 0.11-22 bcron/0.11-22 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [prerm:26] 9
bcron 0.11-22 bcron/0.11-22 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [prerm:27] 9
debian-edu-config 2.12.45 debian-edu-config/2.12.45 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:184] 1
debian-edu-config 2.12.45 debian-edu-config/2.12.45 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:177] 1
debian-edu-config 2.12.45 debian-edu-config/2.12.45 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:182] 1
debian-security-support 1:13+2024.09.30 debian-security-support/1:13+2024.09.30 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:43] 1
designate 1:19.0.0-1 designate-common/1:19.0.0-1 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:1201] 1
ecryptfs-utils 111-7 ecryptfs-utils/111-7 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:14] 9
ecryptfs-utils 111-7 ecryptfs-utils/111-7 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:13] 9
ecryptfs-utils 111-7 ecryptfs-utils/111-7 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:16] 9
nova 2:30.0.0-1 nova-common/2:30.0.0-1 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [prerm:9] 1
nova 2:30.0.0-1 nova-common/2:30.0.0-1 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [prerm:17] 1
ntopng 5.2.1+dfsg1-2 ntopng/5.2.1+dfsg1-2 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:9] 8
nvi 1.81.6-23 nvi/1.81.6-23 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:21] 9
nvi 1.81.6-23 nvi/1.81.6-23 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postrm:6] 9
nvi 1.81.6-23 nvi/1.81.6-23 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:16] 9
nvi 1.81.6-23 nvi/1.81.6-23 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:17] 9
nvi 1.81.6-23 nvi/1.81.6-23 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postrm:5] 9
nvi 1.81.6-23 nvi/1.81.6-23 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:15] 9
samba 2:4.21.0+dfsg-1 samba/2:4.21.0+dfsg-1 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:34] 9
samba 2:4.21.0+dfsg-1 samba/2:4.21.0+dfsg-1 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /var/tmp [postinst:45] 9
samba 2:4.21.0+dfsg-1 samba/2:4.21.0+dfsg-1 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:46] 9
squeak-vm 1:4.10.2.2614+20120917~dfsg-2 squeak-vm/1:4.10.2.2614+20120917~dfsg-2 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:24] 9
systemd 256.6-1 systemd/256.6-1 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postrm:18] 9
systemd 256.6-1 systemd/256.6-1 overridden possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:77] 9
zemberek-server 0.7.1-13 zemberek-server/0.7.1-13 warning possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:14] 1