[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

lintian: r117 - in trunk: checks debian testset testset/scripts testset/scripts/debian



Author: djpig
Date: 2004-03-31 23:28:27 +0200 (Wed, 31 Mar 2004)
New Revision: 117

Added:
   trunk/testset/scripts/suidperlfoo
Modified:
   trunk/checks/scripts
   trunk/checks/scripts.desc
   trunk/debian/changelog
   trunk/testset/scripts/debian/changelog
   trunk/testset/scripts/debian/rules
   trunk/testset/tags.scripts
Log:
checks/scripts:
+ [FL] Add /usr/bin/php as valid interpreter. (Closes: #239115)
+ [FL] Reflect new suidperl handling. /usr/bin/suidperl
  shouldn't/can't be called directly anymore so add a new
  error and remove it from the list of usual interpreters.
  (Closes: #240806)


Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/checks/scripts	2004-03-31 21:28:27 UTC (rev 117)
@@ -56,6 +56,7 @@
 			  'perl-5.004' => '/usr/bin/perl-5.004',
 			  'pforth' => '/usr/bin/pforth',
 			  'php3' => '/usr/bin/php3',
+			  'php' => '/usr/bin/php',
 			  'php4' => '/usr/bin/php4',
 			  'pike' => '/usr/bin/pike',
 			  'pike7' => '/usr/bin/pike7',
@@ -74,7 +75,6 @@
 			  'scsh' => '/usr/bin/scsh',
 			  'sed' => '/bin/sed',
 			  'sh' => '/bin/sh',
-			  'suidperl' => '/usr/bin/suidperl',
 			  'tcl' => '/usr/bin/tcl',
 			  'tclsh' => '/usr/bin/tclsh',
 			  'tcsh' => '/usr/bin/tcsh',
@@ -108,6 +108,7 @@
 				'perl-5.005' => 'perl-5.005',
 				'perl-5.004' => 'perl-5.004',
 				'pforth' => 'pforth',
+				'php' => 'php4-cgi',
 				'php3' => 'php3-cgi',
 				'php4' => 'php4-cgi',
 				'pike' => 'pike',
@@ -119,7 +120,6 @@
 				'runhugs1.4' => 'hugs',
 				'runhugs98' => 'hugs98',
 				'scsh' => 'scsh',
-				'suidperl' => 'perl-suid',
 				'tcl' => 'tcl',
 				'tclsh' => 'tclsh',
 				'tcsh' => 'tcsh',
@@ -130,6 +130,7 @@
 			       );
 
 my %executable = ();
+my %suid = ();
 my %ELF = ();
 my %deps = ();
 my %scripts = ();
@@ -146,7 +147,9 @@
     next unless (m/^-[rw-]*[xs]/);
     chop;
     s/ link to .*//;
+    my $is_suid = m/^-[rw-]*s/;
     $executable{(split(' ', $_, 6))[5]} = 1;
+    $suid{(split(' ', $_, 6))[5]} = $is_suid;
 }
 close(INDEX);
 
@@ -236,6 +239,9 @@
             } elsif ($base eq 'pike') {
                 tag_error("pike-script-but-no-pike-dep", $filename)
                     unless ($deps{'pike'} or $deps{'pike7'});
+	    } elsif ($base eq 'perl' && $suid{$filename}) {
+		tag_error("suid-perl-script-but-no-perl-suid-dep", $filename)
+		    unless ($deps{'perl-suid'});
 	    } elsif ($base =~ m/^wish(\d+\.\d+)?$/) {
 		my $has_deps = 0;
 		for my $key (keys(%deps)) {
@@ -256,6 +262,8 @@
     } elsif ($executable{'.' . $interpreter}) { # each key is './path/to/exe'
 	# Package installs the interpreter itself, so it's probably ok.
 	# Don't emit any tag for this.
+    } elsif ($base eq 'suidperl') {
+	tag_error("calls-suidperl-directly", $filename);
     } else {
 	tag_warn("unusual-interpreter", $filename, "#!$interpreter");
     }

Modified: trunk/checks/scripts.desc
===================================================================
--- trunk/checks/scripts.desc	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/checks/scripts.desc	2004-03-31 21:28:27 UTC (rev 117)
@@ -263,13 +263,22 @@
  In some cases a weaker relationship, such as Suggests or Recommends, will
  be more appropriate.
 
-Tag: wrong-path-for-suidperl
+Tag: suid-perl-script-but-no-perl-suid-dep
 Type: error
-Info: Suidperl is installed as /usr/bin/suidperl on Debian systems.
+Info: Packages that use perl scripts that are suid must depend on the
+ perl-suid package.
+ .
+ In some cases a weaker relationship, such as Suggests or Recommends, will
+ be more appropriate.
 
-Tag: suidperl-script-but-no-perl-suid-dep
+Tag: wrong-path-for-php
 Type: error
-Info: Packages that use suidperl scripts must depend on the perl-suid package.
+Info: PHP can be called as /usr/bin/php on Debian systems.
+
+Tag: php-script-but-no-php4-cgi-dep
+Type: error
+Info: Packages that use PHP scripts with /usr/bin/php as interpreter must
+ depend on the php4-cgi package.
  .
  In some cases a weaker relationship, such as Suggests or Recommends, will
  be more appropriate.
@@ -479,6 +488,13 @@
  In some cases a weaker relationship, such as Suggests or Recommends, will
  be more appropriate.
 
+Tag: calls-suidperl-directly
+Type: error
+Info: Since perl version 5.8.3-3, /usr/bin/suidperl shouldn't be called directly
+ anymore (and doing so will lead to errors in most cases) but the script should
+ just use /usr/bin/perl as interpreter which will call suidperl automatically if
+ the script has the suid permission bit set.
+
 Tag: shell-script-fails-syntax-check
 Type: error
 Info: Running this shell script with the shell's -n option set fails,

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/debian/changelog	2004-03-31 21:28:27 UTC (rev 117)
@@ -11,7 +11,14 @@
   * checks/fields.desc:
     + [FL] Fix some wrong policy references
   * checks/menu-format:
-    + [FL] only issue one warning about needs=dwww, not two
+    + [FL] Only issue one warning about needs=dwww, not two
+  * checks/scripts:
+    + [FL] Add /usr/bin/php as valid interpreter. (Closes: #239115)
+      Thanks to Peter Eisentraut for pointing this change out
+    + [FL] Reflect new suidperl handling. /usr/bin/suidperl
+      shouldn't/can't be called directly anymore so add a new
+      error and remove it from the list of usual interpreters.
+      (Closes: #240806)
 
  -- Frank Lichtenheld <djpig@debian.org>  Sat, 27 Mar 2004 20:55:15 +0100
 

Modified: trunk/testset/scripts/debian/changelog
===================================================================
--- trunk/testset/scripts/debian/changelog	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/scripts/debian/changelog	2004-03-31 21:28:27 UTC (rev 117)
@@ -1,3 +1,10 @@
+scripts (3) unstable; urgency=low
+
+  * Add suidperlfoo and some code in debian/rules to
+    check the new suidperl checks
+
+ -- Frank Lichtenheld <djpig@debian.org>  Wed, 31 Mar 2004 21:06:20 +0000
+
 scripts (2) unstable; urgency=low
 
   * Add tkfoo script for tk checkings

Modified: trunk/testset/scripts/debian/rules
===================================================================
--- trunk/testset/scripts/debian/rules	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/scripts/debian/rules	2004-03-31 21:28:27 UTC (rev 117)
@@ -14,6 +14,8 @@
 	install -m 755 pyfoo $(tmp)/usr/bin/
 	install -m 755 py2foo $(tmp)/usr/bin/
 	install -m 755 perlfoo $(tmp)/usr/bin/
+	install -m 4755 perlfoo $(tmp)/usr/bin/suidperlfoo2
+	install -m 4755 suidperlfoo $(tmp)/usr/bin/
 	install -m 755 tkfoo $(tmp)/usr/bin/
 	cp debian/changelog $(tmp)/usr/share/doc/scripts/changelog
 	gzip -9 $(tmp)/usr/share/doc/scripts/changelog

Added: trunk/testset/scripts/suidperlfoo
===================================================================
--- trunk/testset/scripts/suidperlfoo	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/scripts/suidperlfoo	2004-03-31 21:28:27 UTC (rev 117)
@@ -0,0 +1,3 @@
+#! /usr/bin/suidperl
+
+print "Hello, World!";

Modified: trunk/testset/tags.scripts
===================================================================
--- trunk/testset/tags.scripts	2004-03-31 20:31:19 UTC (rev 116)
+++ trunk/testset/tags.scripts	2004-03-31 21:28:27 UTC (rev 117)
@@ -2,7 +2,13 @@
 E: scripts: binary-without-manpage perlfoo
 E: scripts: binary-without-manpage py2foo
 E: scripts: binary-without-manpage pyfoo
+E: scripts: binary-without-manpage suidperlfoo
+E: scripts: binary-without-manpage suidperlfoo2
 E: scripts: binary-without-manpage tkfoo
+W: scripts: setuid-binary usr/bin/suidperlfoo2 4755 root/root
+W: scripts: setuid-binary usr/bin/suidperlfoo 4755 root/root
 E: scripts: python-script-but-no-python-dep ./usr/bin/pyfoo
 E: scripts: python-script-but-no-python-dep ./usr/bin/py2foo
+E: scripts: suid-perl-script-but-no-perl-suid-dep ./usr/bin/suidperlfoo2
+E: scripts: calls-suidperl-directly ./usr/bin/suidperlfoo
 E: scripts: no-copyright-file



Reply to: