
Re: [RFR] templates://haserl/{haserl.templates}



Christian PERRIER wrote:
> Rationale:
> --- haserl.old/debian/haserl.templates	2011-07-16 21:14:32.783410052 +0200
> +++ haserl/debian/haserl.templates	2011-07-21 11:14:41.960383451 +0200
> @@ -5,5 +5,5 @@
>   When haserl is installed with suid root permissions, it will automatically set
>   its UID and GID to that of the owner and group of the script.

This template very nearly got past me unmodified, but then I wondered
whether it should be "to those of the owner and group", and once I'd
thought that, neither option sounded good.  Maybe:

    its UID and GID to match the owner and group of the script.

> --- haserl.old/debian/control	2011-07-16 21:14:32.783410052 +0200
> +++ haserl/debian/control	2011-07-21 11:15:57.462460577 +0200
> @@ -17,14 +17,14 @@
>  Depends: ${shlibs:Depends}, ${misc:Depends}
>  Recommends: lua5.1
>  Description: CGI scripting program for embedded environments
> + Haserl is a small CGI wrapper that allows PHP-style CGI programming, but uses
>   a UNIX bash-like shell or Lua as the programming language. It is very small, so
>   it can be used in embedded environments, or where something like PHP is too
>   big.
>   .
> + It combines three features into a small CGI engine:
>    * It parses POST and GET requests, placing form-elements as name=value
> +    pairs into the environment for the CGI script to use. This is somewhat like
>      the uncgi wrapper.
>    * It opens a shell, and translates all text into printable statements. All
>      text within <% ... %> constructs are passed verbatim to the shell. This is
>    * It can optionally be installed to drop its permissions to the owner of the
>      script, giving it some of the security features of suexec or cgiwrapper.
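
Review bot: In the first bullet, "form-elements" does not need its hyphen: it is a plain noun phrase here, not a modifier, so "placing form elements as name=value pairs" reads better. The rest of that bullet can stay as it is.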

I like it, but as usual I'm mangling almost every line.
 * I'm not keen on "a UNIX bash-like shell" (as opposed to a Windows
   bash-like shell?);
 * "All text [...] are passed" should be "is";
 * the reference to being "installed to" work in a particular way is a
   rather un-Debian way of putting it;
 * and I'd rephrase a couple of bits just to make the word order more
   natural or to reduce repetition (e.g. of "small" and "CGI").

How about:

   Description: CGI scripting program for embedded environments
    Haserl is a CGI wrapper that allows PHP-style programming in Lua or a
    Bash-like shell. It is very small, so it can be used in embedded
    environments, or where something like PHP is too big.
    .
    It combines three features into a small CGI engine:
     * It parses POST and GET requests, placing form-elements into the
       environment as name=value pairs for the CGI script to use. This is
       somewhat like the uncgi wrapper.
     * It opens a shell, and translates all text into printable statements.
       All text within <% ... %> constructs is passed verbatim to the shell.
       This is somewhat similar to how PHP scripts are parsed.
     * It can be set up to drop its permissions to the owner of the script,
       giving it some of the security features of suexec or cgiwrapper.

Obligatory Why-The-Name Appendix: Haserl is just a German dialect word
for "bunny", which seems fairly random...
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
diff -ru old/control new/control
--- old/control	2011-07-16 22:25:24.453960942 +0100
+++ new/control	2011-07-21 20:40:09.689960827 +0100
@@ -17,17 +17,16 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Recommends: lua5.1
 Description: CGI scripting program for embedded environments
- Haserl is a small cgi wrapper that allows "PHP" style cgi programming, but uses
- a UNIX bash-like shell or Lua as the programming language. It is very small, so
- it can be used in embedded environments, or where something like PHP is too
- big.
+ Haserl is a CGI wrapper that allows PHP-style programming in Lua or a
+ Bash-like shell. It is very small, so it can be used in embedded
+ environments, or where something like PHP is too big.
  .
- It combines three features into a small cgi engine:
-  * It parses POST and GET requests, placing form-elements as name=value
-    pairs into the environment for the CGI script to use.  This is somewhat like
-    the uncgi wrapper.
-  * It opens a shell, and translates all text into printable statements. All
-    text within <% ... %> constructs are passed verbatim to the shell. This is
-    somewhat similar to how PHP scripts are parsed.
-  * It can optionally be installed to drop its permissions to the owner of the
-    script, giving it some of the security features of suexec or cgiwrapper.
+ It combines three features into a small CGI engine:
+  * It parses POST and GET requests, placing form-elements into the
+    environment as name=value pairs for the CGI script to use. This is
+    somewhat like the uncgi wrapper.
+  * It opens a shell, and translates all text into printable statements.
+    All text within <% ... %> constructs is passed verbatim to the shell.
+    This is somewhat similar to how PHP scripts are parsed.
+  * It can be set up to drop its permissions to the owner of the script,
+    giving it some of the security features of suexec or cgiwrapper.
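
Review bot: The last bullet ("It can be set up to drop its permissions to the owner of the script") does not say that this depends on installing the binary suid root, which is the choice the haserl/setuid template describes as a potential security vulnerability. Suggest naming the mechanism, for example "If installed suid root, it can drop its permissions to the owner of the script", so that the description does not present only the suexec-like benefit.
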
diff -ru old/haserl.templates new/haserl.templates
--- old/haserl.templates	2011-07-16 22:25:23.117960453 +0100
+++ new/haserl.templates	2011-07-21 20:34:32.189962241 +0100
@@ -3,7 +3,7 @@
 Default: false
 _Description: Install haserl binary with suid root permissions?
  When haserl is installed with suid root permissions, it will automatically set
- its UID and GID to that of the owner and group of the script.
+ its UID and GID to match the owner and group of the script.
  .
- WARNING: This is a potential security vulnerability, as scripts that are owned
+ This is a potential security vulnerability, as scripts that are owned
  by root will be run as root, even when they do not have the suid root bit.
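
Review bot: With "WARNING:" removed, the final paragraph states the risk but never tells the reader which answer avoids it. Since the template carries "Default: false", suggest a closing sentence saying that the default leaves haserl without the UID switch. In the last context line, "the suid root bit" describes a script rather than the binary, so "the suid bit" would be enough there.
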
Template: haserl/setuid
Type: boolean
Default: false
_Description: Install haserl binary with suid root permissions?
 When haserl is installed with suid root permissions, it will automatically set
 its UID and GID to match the owner and group of the script.
 .
 This is a potential security vulnerability, as scripts that are owned
 by root will be run as root, even when they do not have the suid root bit.
Source: haserl
Section: interpreters
Priority: optional
Maintainer: Chow Loong Jin <hyperair@ubuntu.com>
Build-Depends: debhelper (>= 7.0.50~),
               po-debconf,
               autotools-dev,
               liblua5.1-0-dev,
               pkg-config
Standards-Version: 3.9.1
Homepage: http://haserl.sourceforge.net/
Vcs-Git: git://git.debian.org/collab-maint/haserl.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/haserl.git;a=summary

Package: haserl
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: lua5.1
Description: CGI scripting program for embedded environments
 Haserl is a CGI wrapper that allows PHP-style programming in Lua or a
 Bash-like shell. It is very small, so it can be used in embedded
 environments, or where something like PHP is too big.
 .
 It combines three features into a small CGI engine:
  * It parses POST and GET requests, placing form-elements into the
    environment as name=value pairs for the CGI script to use. This is
    somewhat like the uncgi wrapper.
  * It opens a shell, and translates all text into printable statements.
    All text within <% ... %> constructs is passed verbatim to the shell.
    This is somewhat similar to how PHP scripts are parsed.
  * It can be set up to drop its permissions to the owner of the script,
    giving it some of the security features of suexec or cgiwrapper.
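
The template's warning above, turned into a check an administrator could run (an added example, not part of the original message or of the haserl package). It assumes scripts name /usr/bin/haserl in their shebang line; the function names are hypothetical, and the second check (scripts that group or others can modify, and so could alter code that runs as the script's owner) goes beyond the root-owned case the template mentions.

```shell
#!/bin/sh
# Added example: find haserl scripts that matter when haserl is suid root.
# Assumption: scripts start with "#!/usr/bin/haserl"; override via HASERL_BIN.
HASERL_BIN="${HASERL_BIN:-/usr/bin/haserl}"

# haserl_is_setuid: true if the haserl binary has the setuid bit set.
haserl_is_setuid() {
    [ -u "$HASERL_BIN" ]
}

# is_haserl_script FILE: true if the first line is a shebang naming $HASERL_BIN
# (with or without interpreter arguments after it).
is_haserl_script() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\0')
    case "$first" in
        "#!$HASERL_BIN"|"#!$HASERL_BIN "*) return 0 ;;
        "#! $HASERL_BIN"|"#! $HASERL_BIN "*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_haserl_scripts DIR [UID]
# Prints "owner <path>" for haserl scripts owned by UID (default 0, root):
#   a suid-root haserl runs these as that user.
# Prints "writable <path>" for haserl scripts group or others can modify.
audit_haserl_scripts() {
    dir=$1
    uid=${2:-0}
    find "$dir" -type f -user "$uid" 2>/dev/null |
    while IFS= read -r f; do
        if is_haserl_script "$f"; then printf 'owner %s\n' "$f"; fi
    done
    find "$dir" -type f \( -perm -020 -o -perm -002 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_haserl_script "$f"; then printf 'writable %s\n' "$f"; fi
    done
    return 0
}

# Typical use after sourcing this file (the directory is an assumption):
#   haserl_is_setuid && audit_haserl_scripts /usr/lib/cgi-bin
```

An empty result from audit_haserl_scripts with the default UID means no script under that directory would be run as root by a suid-root haserl.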
