
This queue is for tickets about the SQL-DB CPAN distribution.

Report information
The Basics
Id: 30019
Status: resolved
Priority: 0/
Queue: SQL-DB

People
Owner: Nobody in particular
Requestors: ANDK [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in:
  • 0.03
  • 0.04
  • 0.05
  • 0.06
  • 0.07
  • 0.08
  • 0.09
Fixed in: 0.10



Subject: Cleaning up /tmp directory; predictable tmp filenames
Today I observed in my /tmp directory that running tests on MLAWREN/SQL-DB-0.09.tar.gz left over some files with rather predictable filenames

-rw-r--r-- 1 sand sand 3072 Oct 15 13:53 sqldb25360.db
-rw-r--r-- 1 sand sand 3072 Oct 15 13:53 sqldb25616.db
-rw-r--r-- 1 sand sand 3072 Oct 15 13:54 sqldb26015.db
-rw-r--r-- 1 sand sand 3072 Oct 15 13:54 sqldb26267.db
-rw-r--r-- 1 sand sand 3072 Oct 15 13:54 sqldb26507.db
-rw-r--r-- 1 sand sand 3072 Oct 15 13:55 sqldb26755.db
-rw-r--r-- 1 sand sand 3072 Oct 15 13:55 sqldb26993.db

May I suggest that you use File::Temp to produce (1) unpredictable files and (2) cleanup after the work is done on them? Predictable filenames in /tmp have rather nasty security implications when people run the tests as root so should be avoided.

Thanks!
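Added example, not part of the ticket or of SQL-DB's code: the File::Temp replacement suggested above, shown next to the naming scheme the leftover files suggest. The "sqldb" + PID scheme is an assumption read off the listed filenames, and the function names and `test.db` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_CREAT O_EXCL O_RDWR);
use File::Basename qw(dirname);
use File::Spec;
use File::Temp qw(tempdir);

# Naming scheme the leftover files suggest (assumption: "sqldb" + PID).
# Any local user can create this path, or a symlink at it, ahead of the
# test run, and nothing removes the file afterwards.
sub predictable_db_path {
    return File::Spec->catfile(File::Spec->tmpdir, sprintf('sqldb%d.db', $$));
}

# Single file: random name, created exclusively by File::Temp, unlinked
# when the returned object goes out of scope.
sub temp_db_file {
    return File::Temp->new(
        TEMPLATE => 'sqldbXXXXXXXX',
        SUFFIX   => '.db',
        TMPDIR   => 1,
    );
}

# Private directory: random name, mode 0700, removed at program exit, so
# side files a database driver writes next to the database are covered too.
sub temp_db_dir_path {
    my $dir = tempdir('sqldbXXXXXXXX', TMPDIR => 1, CLEANUP => 1);
    return File::Spec->catfile($dir, 'test.db');
}

print "guessable:   ", predictable_db_path(), "\n";

my $tmp  = temp_db_file();
my $name = $tmp->filename;
print "random file: $name\n";
undef $tmp;    # the object's destructor unlinks the file here
print "removed:     ", (-e $name ? "no" : "yes"), "\n";

my $path = temp_db_dir_path();
# O_EXCL makes creation fail instead of following a pre-existing entry.
sysopen(my $fh, $path, O_RDWR | O_CREAT | O_EXCL, 0600)
    or die "cannot create $path: $!";
close $fh;
my $dir = dirname($path);
printf "private dir: %s (mode %04o)\n", $dir, (stat $dir)[2] & 07777;
```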
Subject: Re: [rt.cpan.org #30019] Cleaning up /tmp directory; predictable tmp filenames
Date: Tue, 16 Oct 2007 11:27:51 +0200
To: Andreas Koenig via RT <bug-SQL-DB [...] rt.cpan.org>
From: Mark Lawrence <nomad [...] null.net>
> May I suggest that you use File::Temp to produce (1) unpredictable files
> and (2) cleanup after the work is done on them? Predictable filenames in
> /tmp have rather nasty security implications when people run the tests
> as root so should be avoided.

I knew this was bad, just hadn't got round to cleaning it up. But all it takes is for someone else to notice and then the motivation/priority magically increases. Thanks for the bump :-)

Will be fixed in v0.10. Now have to go wait for RT to catch up to CPAN, and then have to wait on RT to render the pages again... (25 second page generation times - what's up with that?)

Cheers,
Mark.
--
Mark Lawrence
CC: ANDK [...] cpan.org
Subject: Re: [rt.cpan.org #30019] Cleaning up /tmp directory; predictable tmp filenames
Date: Wed, 17 Oct 2007 00:40:29 +0200
To: bug-SQL-DB [...] rt.cpan.org
From: andreas.koenig.7os6VVqR [...] franz.ak.mind.de (Andreas J. Koenig)
>>>>> On Tue, 16 Oct 2007 05:31:12 -0400, "Mark Lawrence via RT" <bug-SQL-DB@rt.cpan.org> said:
>> May I suggest that you use File::Temp to produce (1) unpredictable files
>> and (2) cleanup after the work is done on them? Predictable filenames in
>> /tmp have rather nasty security implications when people run the tests
>> as root so should be avoided.

> I knew this was bad, just hadn't got round to cleaning it up. But
> all it takes is for someone else to notice and then the
> motivation/priority magically increases. Thanks for the bump :-)

Thanks for accepting it;)

> Will be fixed in v0.10. Now have to go wait for RT to catch up to CPAN,
> and then have to wait on RT to render the pages again... (25 second
> page generation times - what's up with that?)

Last time I heard about this it was said it's due to undersized hardware.

--
andreas