Bug ID 1084758
Summary seccheck fails to cleanup some temporary files created during daily and weekly run
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter d_werner@gmx.net
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Firefox/52.0
Build Identifier: 

During each run of the daily or weekly cron jobs of seccheck afterwards
temporary files are left.

Specifically these files are
daily: created by the pattern specia_files_owner.XXXX in
security_daily_helper.inc
e.g. /tmp/specia_files_owner.Jx25

weekly: created by the pattern rpm-md5.XXXX in helper.inc
e.g. /tmp/rpm-md5.AYWm

This is observed with the rpm seccheck-3.0-lp150.2.3.noarch.rpm from Leap 15.0
Build 153.1

Reproducible: Always

Steps to Reproduce:
1.have the seccheck rpm installed (and ensure the START_SECCHK="yes" which is
the default)
2.let the time pass when the cron job triggers or tweak it to run "soon"
3.check if the files /tmp/rpm-md5.* or /tmp/specia_files_owner.* exist after
the cronjob is finished dependent whether the daily or the weekly cron job was
executed. Note: the weekly job can run for several minutes.
Actual Results:  
Temporary files created by the cron job are left after the cron job completes.
/tmp/specia_files_owner.????
/tmp/rpm-md5.????

Expected Results:  
seccheck should not leave temporary files after it finishes successfully.

I do not consider this bug is not an actual security problem, it is just in a
security related component. As far as I remember it even was already once fixed
but crept in again.

Note: this is not a new problem, AFAIK it also exists in Leap 42.3 and
Tumbleweed, but maybe now is a good time to fix it and the fix is simple.

You are receiving this mail because: