Comment # 10 on bug 910500 from Neil Brown

Thanks for the report.

I have submitted an update for 13.2 and Factory which makes this change:

+-      mdadm --detail --export "$dev" > $tmp || continue
++      mdadm --detail --export "$dev" | grep '^MD_UUID=' > $tmp || continue

to the mdcheck script.  You could easily do that by hand rather than wait for
the update.

Comment #6 is correct that this could be a security issue.
If a USB device with carefully crafted metadata were plugged into an openSUSE
host, the array would be automatically assembled.
If it was still there at 1am when the mdcheck script is run by cron, then shell
code from the array name would be executed.

Security-team:  is there anything else I should do w.r.t. the security aspect?