http://bugzilla.opensuse.org/show_bug.cgi?id=1084758 Bug ID: 1084758 Summary: seccheck fails to cleanup some temporary files created during daily and weekly run Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: d_werner@gmx.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Build Identifier: During each run of the daily or weekly cron jobs of seccheck afterwards temporary files are left. Specifically these files are daily: created by the pattern specia_files_owner.XXXX in security_daily_helper.inc e.g. /tmp/specia_files_owner.Jx25 weekly: created by the pattern rpm-md5.XXXX in helper.inc e.g. /tmp/rpm-md5.AYWm This is observed with the rpm seccheck-3.0-lp150.2.3.noarch.rpm from Leap 15.0 Build 153.1 Reproducible: Always Steps to Reproduce: 1.have the seccheck rpm installed (and ensure the START_SECCHK="yes" which is the default) 2.let the time pass when the cron job triggers or tweak it to run "soon" 3.check if the files /tmp/rpm-md5.* or /tmp/specia_files_owner.* exist after the cronjob is finished dependent whether the daily or the weekly cron job was executed. Note: the weekly job can run for several minutes. Actual Results: Temporary files created by the cron job are left after the cron job completes. /tmp/specia_files_owner.???? /tmp/rpm-md5.???? Expected Results: seccheck should not leave temporary files after it finishes successfully. I do not consider this bug is not an actual security problem, it is just in a security related component. As far as I remember it even was already once fixed but crept in again. Note: this is not a new problem, AFAIK it also exists in Leap 42.3 and Tumbleweed, but maybe now is a good time to fix it and the fix is simple. -- You are receiving this mail because: You are on the CC list for the bug.