lintian: r117 - in trunk: checks debian testset testset/scripts testset/scripts/debian
Author: djpig
Date: 2004-03-31 23:28:27 +0200 (Wed, 31 Mar 2004)
New Revision: 117
Added:
trunk/testset/scripts/suidperlfoo
Modified:
trunk/checks/scripts
trunk/checks/scripts.desc
trunk/debian/changelog
trunk/testset/scripts/debian/changelog
trunk/testset/scripts/debian/rules
trunk/testset/tags.scripts
Log:
checks/scripts:
+ [FL] Add /usr/bin/php as valid interpreter. (Closes: #239115)
+ [FL] Reflect new suidperl handling. /usr/bin/suidperl
shouldn't/can't be called directly anymore so add a new
error and remove it from the list of usual interpreters.
(Closes: #240806)
Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/checks/scripts 2004-03-31 21:28:27 UTC (rev 117)
@@ -56,6 +56,7 @@
'perl-5.004' => '/usr/bin/perl-5.004',
'pforth' => '/usr/bin/pforth',
'php3' => '/usr/bin/php3',
+ 'php' => '/usr/bin/php',
'php4' => '/usr/bin/php4',
'pike' => '/usr/bin/pike',
'pike7' => '/usr/bin/pike7',
@@ -74,7 +75,6 @@
'scsh' => '/usr/bin/scsh',
'sed' => '/bin/sed',
'sh' => '/bin/sh',
- 'suidperl' => '/usr/bin/suidperl',
'tcl' => '/usr/bin/tcl',
'tclsh' => '/usr/bin/tclsh',
'tcsh' => '/usr/bin/tcsh',
@@ -108,6 +108,7 @@
'perl-5.005' => 'perl-5.005',
'perl-5.004' => 'perl-5.004',
'pforth' => 'pforth',
+ 'php' => 'php4-cgi',
'php3' => 'php3-cgi',
'php4' => 'php4-cgi',
'pike' => 'pike',
@@ -119,7 +120,6 @@
'runhugs1.4' => 'hugs',
'runhugs98' => 'hugs98',
'scsh' => 'scsh',
- 'suidperl' => 'perl-suid',
'tcl' => 'tcl',
'tclsh' => 'tclsh',
'tcsh' => 'tcsh',
@@ -130,6 +130,7 @@
);
my %executable = ();
+my %suid = ();
my %ELF = ();
my %deps = ();
my %scripts = ();
@@ -146,7 +147,9 @@
next unless (m/^-[rw-]*[xs]/);
chop;
s/ link to .*//;
+ my $is_suid = m/^-[rw-]*s/;
$executable{(split(' ', $_, 6))[5]} = 1;
+ $suid{(split(' ', $_, 6))[5]} = $is_suid;
}
close(INDEX);
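Review bot: The added test `m/^-[rw-]*s/` is not tied to the owner-execute column, so it also matches a mode such as `-rw-r-sr-x`, where the `s` is the set-gid bit, and it never matches the usual set-gid form `-rwxr-sr-x`. Anchoring the position makes the intent explicit: `my $is_suid = m/^-[r-][w-]s/;`. If set-gid scripts are also meant to require perl-suid, that case needs its own alternative, and the test set would want a 2755 fixture next to the two 4755 ones. The two `split(' ', $_, 6)` calls could share one `my $file = (split(' ', $_, 6))[5];`. The enclosing read loop starts outside this hunk.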
@@ -236,6 +239,9 @@
} elsif ($base eq 'pike') {
tag_error("pike-script-but-no-pike-dep", $filename)
unless ($deps{'pike'} or $deps{'pike7'});
+ } elsif ($base eq 'perl' && $suid{$filename}) {
+ tag_error("suid-perl-script-but-no-perl-suid-dep", $filename)
+ unless ($deps{'perl-suid'});
} elsif ($base =~ m/^wish(\d+\.\d+)?$/) {
my $has_deps = 0;
for my $key (keys(%deps)) {
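Review bot: The set-uid branch fires only for `$base eq 'perl'`, while the interpreter tables in this file still list `perl-5.004` and `perl-5.005` (context lines of the first and third hunks), so a set-uid script naming one of those would presumably skip the perl-suid requirement. If that is deliberate because only the current perl hands off to suidperl, a comment on the branch would record it, for example `# only /usr/bin/perl re-execs suidperl; versioned perls are not covered here`. The elsif chain begins and ends outside this hunk, so the branches that run before this one are not visible.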
@@ -256,6 +262,8 @@
} elsif ($executable{'.' . $interpreter}) { # each key is './path/to/exe'
# Package installs the interpreter itself, so it's probably ok.
# Don't emit any tag for this.
+ } elsif ($base eq 'suidperl') {
+ tag_error("calls-suidperl-directly", $filename);
} else {
tag_warn("unusual-interpreter", $filename, "#!$interpreter");
}
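Review bot: The new `suidperl` branch carries no comment, although its position in the chain is significant: it sits after the `$executable{'.' . $interpreter}` case, so a package that ships its own suidperl is exempt, and it keys on `$base`, so any path ending in `suidperl` is reported. A line such as `# suidperl is no longer a valid #! target (perl >= 5.8.3-3); perl invokes it itself for suid scripts` above the `tag_error` call would keep that reasoning next to the code rather than only in scripts.desc. The start of the elsif chain is outside this hunk.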
Modified: trunk/checks/scripts.desc
===================================================================
--- trunk/checks/scripts.desc 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/checks/scripts.desc 2004-03-31 21:28:27 UTC (rev 117)
@@ -263,13 +263,22 @@
In some cases a weaker relationship, such as Suggests or Recommends, will
be more appropriate.
-Tag: wrong-path-for-suidperl
+Tag: suid-perl-script-but-no-perl-suid-dep
Type: error
-Info: Suidperl is installed as /usr/bin/suidperl on Debian systems.
+Info: Packages that use perl scripts that are suid must depend on the
+ perl-suid package.
+ .
+ In some cases a weaker relationship, such as Suggests or Recommends, will
+ be more appropriate.
-Tag: suidperl-script-but-no-perl-suid-dep
+Tag: wrong-path-for-php
Type: error
-Info: Packages that use suidperl scripts must depend on the perl-suid package.
+Info: PHP can be called as /usr/bin/php on Debian systems.
+
+Tag: php-script-but-no-php4-cgi-dep
+Type: error
+Info: Packages that use PHP scripts with /usr/bin/php as interpreter must
+ depend on the php4-cgi package.
.
In some cases a weaker relationship, such as Suggests or Recommends, will
be more appropriate.
@@ -479,6 +488,13 @@
In some cases a weaker relationship, such as Suggests or Recommends, will
be more appropriate.
+Tag: calls-suidperl-directly
+Type: error
+Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called directly
+ anymore (and doing so will lead to errors in most cases) but the script should
+ just use /usr/bin/perl as interpreter which will call suidperl automatically if
+ the script has the suid permission bit set.
+
Tag: shell-script-fails-syntax-check
Type: error
Info: Running this shell script with the shell's -n option set fails,
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/debian/changelog 2004-03-31 21:28:27 UTC (rev 117)
@@ -11,7 +11,14 @@
* checks/fields.desc:
+ [FL] Fix some wrong policy references
* checks/menu-format:
- + [FL] only issue one warning about needs=dwww, not two
+ + [FL] Only issue one warning about needs=dwww, not two
+ * checks/scripts:
+ + [FL] Add /usr/bin/php as valid interpreter. (Closes: #239115)
+ Thanks to Peter Eisentraut for pointing this change out
+ + [FL] Reflect new suidperl handling. /usr/bin/suidperl
+ shouldn't/can't be called directly anymore so add a new
+ error and remove it from the list of usual interpreters.
+ (Closes: #240806)
-- Frank Lichtenheld <djpig@debian.org> Sat, 27 Mar 2004 20:55:15 +0100
Modified: trunk/testset/scripts/debian/changelog
===================================================================
--- trunk/testset/scripts/debian/changelog 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/scripts/debian/changelog 2004-03-31 21:28:27 UTC (rev 117)
@@ -1,3 +1,10 @@
+scripts (3) unstable; urgency=low
+
+ * Add suidperlfoo and some code in debian/rules to
+ check the new suidperl checks
+
+ -- Frank Lichtenheld <djpig@debian.org> Wed, 31 Mar 2004 21:06:20 +0000
+
scripts (2) unstable; urgency=low
* Add tkfoo script for tk checkings
Modified: trunk/testset/scripts/debian/rules
===================================================================
--- trunk/testset/scripts/debian/rules 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/scripts/debian/rules 2004-03-31 21:28:27 UTC (rev 117)
@@ -14,6 +14,8 @@
install -m 755 pyfoo $(tmp)/usr/bin/
install -m 755 py2foo $(tmp)/usr/bin/
install -m 755 perlfoo $(tmp)/usr/bin/
+ install -m 4755 perlfoo $(tmp)/usr/bin/suidperlfoo2
+ install -m 4755 suidperlfoo $(tmp)/usr/bin/
install -m 755 tkfoo $(tmp)/usr/bin/
cp debian/changelog $(tmp)/usr/share/doc/scripts/changelog
gzip -9 $(tmp)/usr/share/doc/scripts/changelog
Added: trunk/testset/scripts/suidperlfoo
===================================================================
--- trunk/testset/scripts/suidperlfoo 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/scripts/suidperlfoo 2004-03-31 21:28:27 UTC (rev 117)
@@ -0,0 +1,3 @@
+#! /usr/bin/suidperl
+
+print "Hello, World!";
Modified: trunk/testset/tags.scripts
===================================================================
--- trunk/testset/tags.scripts 2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/tags.scripts 2004-03-31 21:28:27 UTC (rev 117)
@@ -2,7 +2,13 @@
E: scripts: binary-without-manpage perlfoo
E: scripts: binary-without-manpage py2foo
E: scripts: binary-without-manpage pyfoo
+E: scripts: binary-without-manpage suidperlfoo
+E: scripts: binary-without-manpage suidperlfoo2
E: scripts: binary-without-manpage tkfoo
+W: scripts: setuid-binary usr/bin/suidperlfoo2 4755 root/root
+W: scripts: setuid-binary usr/bin/suidperlfoo 4755 root/root
E: scripts: python-script-but-no-python-dep ./usr/bin/pyfoo
E: scripts: python-script-but-no-python-dep ./usr/bin/py2foo
+E: scripts: suid-perl-script-but-no-perl-suid-dep ./usr/bin/suidperlfoo2
+E: scripts: calls-suidperl-directly ./usr/bin/suidperlfoo
E: scripts: no-copyright-file