Re: (WARNING) xfree86 3.3.2.3a-2 (source all i386) uploaded to master

To: Branden Robinson <branden.robinson@ibm.net>
Cc: debian-devel@lists.debian.org
Subject: Re: (WARNING) xfree86 3.3.2.3a-2 (source all i386) uploaded to master
From: Ben Gertzfield <ben@cse.ucsc.edu>
Date: 16 Oct 1998 10:25:57 -0700
Message-id: <[🔎] yttg1coh10a.fsf@gilgamesh.cse.ucsc.edu>
In-reply-to: Branden Robinson's message of "Fri, 16 Oct 1998 13:00:18 -0400"
References: <[🔎] 19981016130018.A14300@purdue.edu>

Branden Robinson <branden.robinson@ibm.net> writes:

> W: xext: shlib-without-dependency-information
> usr/X11R6/lib/modules/xf86Jstk.so 

> I have always gotten this error.  I don't know how to fix it, but it
> doesn't seem to hurt anyone.

Well, this isn't a shared library that's going to be linked to, so
there should be a way to override lintian's behavior.

> E: xfs: postrm-contains-additional-updaterc.d-calls /etc/init.d/xfs
> 
> Uh, I only call update-rc.d once.  What's the problem?

[ben@gilgamesh:~]% echo  E: xfs: postrm-contains-additional-updaterc.d-calls /etc/init.d/xfs | lintian-info
E: xfs: postrm-contains-additional-updaterc.d-calls /etc/init.d/xfs
N:
N:   The postrm de-registers an /etc/init.d script which has not been
N:   registered in the postinst script before.
N:

You never registered it in the first place, I would guess?

> E: xfs: unregistered-script-in-etc-init.d /etc/init.d/xfs
> 
> Huh?  I'm sort of confused by this one as well.

Again:

[ben@gilgamesh:~]% echo  E: xfs: unregistered-script-in-etc-init.d /etc/init.d/xfs | lintian-info
E: xfs: unregistered-script-in-etc-init.d /etc/init.d/xfs
N:
N:   The package installs an /etc/init.d script which is not registered in
N:   the postinst script.
N:

You forgot to register it in the postinst.

> W: xlib6: postrm-calls-ldconfig
> W: xlib6g: postrm-calls-ldconfig
> 
> Uh, shouldn't they?

No!

[ben@gilgamesh:~]% echo W: xlib6: postrm-calls-ldconfig | lintian-info  10:19AM
W: xlib6: postrm-calls-ldconfig
N:
N:   The postrm script calls ldconfig, which is very dangerous.
N:   
N:   Refer to Packaging Manual, chapter 12 for details.
N:

Chapter 12 says:

   Any package installing shared libraries in a directory that's listed
   in /etc/ld.so.conf or in one of the default library directories of
   ld.so (currently, these are /usr/lib and /lib) must call ldconfig in
   its postinst script if and only if the first argument is `configure'.
   However, it is important not to call ldconfig in the postrm or preinst
   scripts in the case where the package is being upgraded (see Details
   of unpack phase of installation or upgrade, section 6.3), as ldconfig
   will see the temporary names that dpkg uses for the files while it is
   installing them and will make the shared library links point to them,
   just before dpkg continues the installation and removes the links!

Never call ldconfig in postrm (or preinst), especially if the first
argument is 'upgrade'.

> E: xserver-common: binary-without-manpage X
> 
> X's manpage is in xbase.

Hm.. that's not very useful. Why would you need the manpage without
the binary? Of course, since xserver-common depends on xbase, it's a
bit moot, but I don't know how useful it is to have just a man-page on
the system.

> W: xserver-common: setuid-binary usr/X11R6/bin/X 4755 root/root
> 
> This a security wrapper.  It needs to be setuid root.

[ben@gilgamesh:~]% echo  W: xserver-common: setuid-binary usr/X11R6/bin/X 4755 root/root | lintian-info
W: xserver-common: setuid-binary usr/X11R6/bin/X 4755 root/root
N:
N:   The file is tagged SETUID. In some cases this is intentional, but in
N:   other cases this is a bug. If it's intentional, please send a note to
N:   lintian-maint@debian.org so that this error gets included in the
N:   overrides file of Lintian. (With that, Lintian will ignore this bug in
N:   the future.)
N:

You need to send a note to lintian-maint@debian.org so that it will
be overridden. :) X definitely has to be suid.

> W: xterm: setuid-binary usr/X11R6/bin/xterm 4711 root/root
> 
> Urp.  Will fix in the next release, but since the execute bit *is* set it
> should work.  You'll just have to be root to stare at the naked binary.  Be
> sure to wear sunglasses with strong UV filters.

Well, this too needs to be noted to lintian-maint@debian.org, but it's
policy for all binaries that are executable by group or by other
should be readable, too, as making them only executable gives no
security:

  3.3.8 Permissions and owners

   Setuid and setgid executables should be mode 4755 or 2755
   respectively, and owned by the appropriate user or group. They should
   not be made unreadable (modes like 4711 or 2711 or even 4111); doing
   so achieves no extra security, because anyone can find the binary in
   the freely available Debian package--it is merely inconvenient. For
   the same reason you should not restrict read or execute permissions on
   non-set-id executables.

So make it 4755 and tell lintian-maint to override xterm. (I hate how
xterm has to be suid ;)

Ben

-- 
Brought to you by the letters Y and P and the number 1.
"Nerd. Loser. Jerk. Moron. Worm. Scum. Idiot. Fool." -- Pkunk, SCII
Debian GNU/Linux -- where do you want to go tomorrow? http://www.debian.org/
I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.

Reply to:

Follow-Ups:
- Re: (WARNING) xfree86 3.3.2.3a-2 (source all i386) uploaded to master
  - From: Branden Robinson <branden.robinson@ibm.net>

References:
- (WARNING) xfree86 3.3.2.3a-2 (source all i386) uploaded to master
  - From: Branden Robinson <branden.robinson@ibm.net>

Prev by Date: Re: Debian 2.[01] -- Only rudimentary support for Laptops?
Next by Date: Re: 1FA: problem still in hamm disks
Previous by thread: (WARNING) xfree86 3.3.2.3a-2 (source all i386) uploaded to master
Next by thread: Re: (WARNING) xfree86 3.3.2.3a-2 (source all i386) uploaded to master
Index(es):
- Date
- Thread