Subject: Unsafe /tmp file usage
In Batch::Batchrun::Dbfunctions::command_sqlplus()

    $tmpfile = '/tmp/'.$$.'sqlplus.sql';
    open ( CMDFILE, ">$tmpfile" ) or die "** cant open $tmpfile because $!";
    ...etc...

There are a variety of ways to abuse this. Assuming this module is still being used, it should switch to File::Temp::tempfile().