Lintian tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script

Type: warning

Description (from `lintian-explain-tags`)

The named maintainer script appears to access a file or a directory in
/tmp or a similar folder for temporary data. Working directly in such
folders, which are usually world-writable, can easily lead to serious
security or privacy bugs.

Please consider using the mktemp utility from the coreutils package when
creating temporary files or directories.

Please refer to Scripts (Section 10.4) in the Debian Policy Manual for
details.

Visibility: warning
Show-Always: no
Check: maintainer-scripts/temporary-files

Affected packages

source	version	binary	level	tag	count	information
aide	0.19.1-2	aide-common/0.19.1-2	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/var/tmp [postinst:46]
b43-fwcutter	1:019-14	firmware-b43-installer/1:019-14	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/tmp [postinst:64]
b43-fwcutter	1:019-14	firmware-b43legacy-installer/1:019-14	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/tmp [postinst:57]
bcron	0.11-23	bcron/0.11-23	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [prerm:27]
bcron	0.11-23	bcron/0.11-23	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [prerm:26]
debian-edu-config	2.12.902	debian-edu-config/2.12.902	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	$TMPDIR/all.ldif [postinst:184]
debian-edu-config	2.12.902	debian-edu-config/2.12.902	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	$TMPDIR/all.ldif [postinst:182]
debian-edu-config	2.12.902	debian-edu-config/2.12.902	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	$TMPDIR/all.ldif [postinst:177]
debian-security-support	1:13+2025.07.16	debian-security-support/1:13+2025.07.16	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/tmp [postinst:43]
designate	1:20.0.0-2	designate-common/1:20.0.0-2	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/tmp [postinst:1201]
ecryptfs-utils	111-8	ecryptfs-utils/111-8	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postinst:16]
ecryptfs-utils	111-8	ecryptfs-utils/111-8	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postinst:13]
ecryptfs-utils	111-8	ecryptfs-utils/111-8	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postinst:14]
nova	2:31.0.0-6	nova-common/2:31.0.0-6	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/var/tmp [prerm:9]
nova	2:31.0.0-6	nova-common/2:31.0.0-6	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/var/tmp [prerm:17]
ntopng	5.2.1+dfsg1-2	ntopng/5.2.1+dfsg1-2	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	8	/var/tmp [postinst:9]
nvi	1.81.6-23	nvi/1.81.6-23	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postinst:21]
nvi	1.81.6-23	nvi/1.81.6-23	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postinst:17]
nvi	1.81.6-23	nvi/1.81.6-23	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postrm:6]
nvi	1.81.6-23	nvi/1.81.6-23	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postinst:16]
nvi	1.81.6-23	nvi/1.81.6-23	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postrm:5]
nvi	1.81.6-23	nvi/1.81.6-23	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postinst:15]
samba	2:4.22.3+dfsg-4	samba/2:4.22.3+dfsg-4	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postinst:34]
samba	2:4.22.3+dfsg-4	samba/2:4.22.3+dfsg-4	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/var/tmp [postinst:45]
samba	2:4.22.3+dfsg-4	samba/2:4.22.3+dfsg-4	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postinst:46]
squeak-vm	1:4.10.2.2614+20120917~dfsg-2	squeak-vm/1:4.10.2.2614+20120917~dfsg-2	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postinst:24]
systemd	257.7-1	systemd/257.7-1	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postinst:89]
systemd	257.7-1	systemd/257.7-1	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postrm:18]
systemd	257.7-1	systemd/257.7-1	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [preinst:73]
systemd	258~rc2-1	systemd/258~rc2-1	overridden	possibly-insecure-handling-of-tmp-files-in-maintainer-script	9	/tmp [postrm:18]
unit-translator	0.7-2	utrans-rc/0.7-2	warning	possibly-insecure-handling-of-tmp-files-in-maintainer-script	1	/var/tmp [postinst:8]

Lintian tag: possibly-insecure-handling-of-tmp-files-in-maintainer-script

Type: warning

Description (from lintian-explain-tags)

Affected packages

Description (from `lintian-explain-tags`)