
Re: set of patches



Russ Allbery wrote:

> Raphael Geissert <atomo64+debian@gmail.com>
> writes:
> 
>> Attached are the following two patches in a git-friendly mbox format:
>>
>> lintian_enhanced_possibly-insecure-handling-of-tmp-files-in-maintainer-script.patch:
>> Requires the tmp dir name to have a name, thus reducing the number of
>> false positives and allowing a check for = /tmp/foo, thus also
>> decreasing the number of false negatives (or at least I hope it does).
> 
>> It no longer ignores mkdir as it may also suffer from attacks when the
>> error is ignored, compacts the mktemp/mkstemp checks and ignores the
>> line if $RANDOM is present.
> 
> I'm not comfortable with removing mkdir on the grounds that it *might* not
> be error-checked.  Nearly all maintainer scripts are error-checked, which
> makes mkdir safe.

Maybe I should write a check that makes sure sh is called with -e
or 'set -e' is used at some point during the script's execution.

An example where the main problematic line is ignored because of the mkdir
exception is #496462.

> 
> This otherwise looks okay, though, so I'll apply it without that change.
> 
>> lintian_maintainer-also-in-uploaders.patch:
>> Added to detect situations where the person in the Maintainer field is
>> also in Uploaders.
> 
> Thanks, applied with some changes to the long tag description and the
> addition of the Severity/Certainty tags.
> 

I've never heard of a good reason to duplicate the information (as far as I
understood from the new description), but fine :)

Cheers,
-- 
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
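An added example of the check proposed above (scan a maintainer script for hard-coded /tmp paths, and accept mkdir only where the script would actually stop on its failure), written in Python for illustration. It is not lintian's Perl implementation and not either author's code; the regexes, the constructed sample scripts, and the extra treatment of "mkdir -p" and "|| true" as error-ignoring forms are my own assumptions:

```python
"""Toy version of the maintainer-script check discussed in this thread.

Flags hard-coded, named paths under /tmp or /var/tmp, exempts lines that use
mktemp/mkstemp/tempfile or $RANDOM, and (as in the patch described above) no
longer exempts mkdir unconditionally: mkdir is only accepted when its failure
would actually stop the script.  Added example, not lintian's own Perl code;
every pattern here is a simplification of what a real checker needs.
"""
import re

# A named path under /tmp or /var/tmp; the lookbehind keeps "/usr/tmp/x" or
# "$DIR/tmp/x" from matching, while "=/tmp/foo" assignments are still caught.
TMP_PATH = re.compile(r'(?<![\w/])/(?:var/)?tmp/[\w.-]+')
# Exemptions the described check grants (the $RANDOM one is kept for
# fidelity; $RANDOM is not a strong source of unpredictability).
EXEMPT = re.compile(r'\b(?:mktemp|mkstemp|tempfile)\b|\$RANDOM')
# Assumption beyond the thread: "mkdir -p" succeeds when the directory already
# exists, even if someone else created it, so set -e never sees a failure.
MKDIR_P = re.compile(r'\s(?:-[a-zA-Z]*p[a-zA-Z]*\b|--parents\b)')
# Assumption beyond the thread: "|| true" / "|| :" discard the exit status
# even under set -e.
IGNORES_ERROR = re.compile(r'\|\|\s*(?:true|:)\s*$')
# Where errexit is switched on and off.
SHEBANG_E = re.compile(r'^#!.*\s-[a-zA-Z]*e[a-zA-Z]*\b')
SET_E = re.compile(r'set\s+(?:-[a-zA-Z]*e[a-zA-Z]*\b|-o\s+errexit\b)')
UNSET_E = re.compile(r'set\s+(?:\+[a-zA-Z]*e[a-zA-Z]*\b|\+o\s+errexit\b)')


def errexit_in_effect(lines, index):
    """Is errexit active when lines[index] runs?  Honours '-e' on the shebang
    and every 'set -e' / 'set +e' (or -o/+o errexit) that precedes the line."""
    enabled = bool(lines) and SHEBANG_E.match(lines[0]) is not None
    for line in lines[:index]:
        stripped = line.strip()
        if SET_E.match(stripped):
            enabled = True
        elif UNSET_E.match(stripped):
            enabled = False
    return enabled


def check_script(script):
    """Return [(line_number, reason)] for every line that handles a fixed
    temporary path in a way an attacker pre-creating that path could abuse."""
    lines = script.splitlines()
    findings = []
    for index, line in enumerate(lines):
        code = line.split('#', 1)[0]        # naive: ignores '#' inside quotes
        if not TMP_PATH.search(code) or EXEMPT.search(code):
            continue
        if re.match(r'\s*mkdir\b', code):
            if MKDIR_P.search(code):
                reason = 'mkdir -p on a fixed path: an existing directory is accepted silently'
            elif IGNORES_ERROR.search(code):
                reason = 'mkdir failure is explicitly ignored'
            elif not errexit_in_effect(lines, index):
                reason = 'mkdir failure is not checked (no set -e in effect)'
            else:
                continue                    # a pre-existing entry aborts the script
        else:
            reason = 'fixed temporary path'
        findings.append((index + 1, reason))
    return findings


# Constructed sample maintainer scripts (not taken from any real package).
WITH_MKTEMP = """#!/bin/sh
set -e
WORK=$(mktemp -d /tmp/pkg.XXXXXX)
trap 'rm -rf "$WORK"' EXIT
"""
MKDIR_UNDER_SET_E = """#!/bin/sh -e
mkdir /tmp/pkg-work
"""
MKDIR_UNCHECKED = """#!/bin/sh
mkdir /tmp/pkg-work
cp /usr/share/pkg/config.in /tmp/pkg-work/config
"""
MKDIR_FORCED = """#!/bin/sh
set -e
mkdir -p /tmp/pkg-work
mkdir /tmp/pkg-lock || true
"""
ASSIGNED = """#!/bin/sh
set -e
WORK=/tmp/pkg-work
mkdir "$WORK"
"""
SAMPLES = {
    'WITH_MKTEMP': WITH_MKTEMP,
    'MKDIR_UNDER_SET_E': MKDIR_UNDER_SET_E,
    'MKDIR_UNCHECKED': MKDIR_UNCHECKED,
    'MKDIR_FORCED': MKDIR_FORCED,
    'ASSIGNED': ASSIGNED,
}

if __name__ == '__main__':
    for name, script in SAMPLES.items():
        print(name, check_script(script) or 'clean')
```

The check is line-local, as the one in the thread is: the assignment in ASSIGNED is reported even though the later mkdir "$WORK" is error-checked, and conditional uses such as "if mkdir /tmp/x; then" are not recognised as explicit checks. Both are places a real implementation would need more context than a regex over one line gives it.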

