Don't rely on TMP environment variables during installation
|Assignee:||Josh Cooper||% Done:|
|Keywords:||Affected Facter version:||1.6.5|
Facter’s install.rb script currently uses ENV[‘TMP’], ENV[‘TEMP’], /tmp, etc as the temp directory search path, using the first one that exists. It then creates temp files using predictable file names within the directory, which are copied into ruby’s bin directory, and .bat files on Windows.
This isn’t secure as the files are predictable. Also in non-interactive shells, TMP and TEMP are often not defined, for example when installing facter during an acceptance test run. As a result, facter falls back to /tmp, but that doesn’t work when installing on Windows agents (during an acceptance test).
Since we’re in ruby, we should just use Tempfile