Comment 0 for bug 912762

Julian Taylor (jtaylor) wrote :

wakeup uses temporary files insecurely in multiple places in the code.

e.g. this code in data/scripts/wakeup:67 is probably exploitable to place arbitrary code into root's crontab:
            tmpfile=/tmp/wake
            eval "$dosudo crontab -l >$tmpfile"
            snoozetime=$(date -d "+$snooze min" "+%M %H %d %m %w")
            echo "$snoozetime /usr/bin/wakeup $1 $2 >/dev/null 2>&1"\
                  "#entered by setnextalarm" >>$tmpfile
            eval "$dosudo crontab $tmpfile; rm $tmpfile"

There are also many uses of os.system which could be a problem, but I did not check if any of them are exploitable.
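
A hardened form of the snippet quoted in the comment above, as an added example that is not part of the original report or the wakeup project's code. It replaces the fixed /tmp/wake path with a file created by mktemp and drops the eval; the function name set_snooze and the CRONTAB_CMD variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the wakeup project's code.
# CRONTAB_CMD is a hypothetical hook: set it to "sudo crontab" to mirror
# $dosudo in the original, or to a stub when testing.
CRONTAB_CMD=${CRONTAB_CMD:-crontab}

set_snooze() {
    # $1 = snooze in minutes, $2 and $3 = arguments handed to /usr/bin/wakeup
    case $1 in ''|*[!0-9]*) echo "snooze must be a number" >&2; return 1 ;; esac

    snoozetime=$(date -d "+$1 min" "+%M %H %d %m %w") || return 1

    # mktemp picks an unpredictable name and creates the file exclusively
    # with mode 0600, so a file or symlink already sitting at the chosen
    # path makes it fail instead of being followed or reused.
    tmpfile=$(mktemp "${TMPDIR:-/tmp}/wakeup.XXXXXXXXXX") || return 1

    # Write the current crontab plus the new entry in one redirection.
    # A missing crontab is not treated as an error, as in the original.
    {
        $CRONTAB_CMD -l 2>/dev/null || true
        printf '%s /usr/bin/wakeup %s %s >/dev/null 2>&1 #entered by setnextalarm\n' \
            "$snoozetime" "$2" "$3"
    } >"$tmpfile"

    # Install without eval, then always remove the temporary file.
    if $CRONTAB_CMD "$tmpfile"; then rc=0; else rc=1; fi
    rm -f -- "$tmpfile"
    return $rc
}
```

Where the installed crontab accepts it, piping the new table straight into `crontab -` avoids the temporary file altogether.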