[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#533618: [collection/strings] fails on setuid/setgid/sticky files when run as root

Package: lintian
Version: 2.2.10
Severity: normal
Tags: patch


Thanks a lot for working on lintian!

In version 2.2.10, the list of files examined by collection/strings was
limited to those containing ":<whitespace>ELF" to avoid false positives.
However, this kind of fails on packages containing setuid, setgid, or
sticky binaries *only when the lintian test is run as root*.

Of course, I realize that running lintian as root is discouraged, but
that's what pbuilder does by default, and IMHO there's no harm in
supporting it with a simple change such as the following patch :)
I'm reporting the bug against lintian-2.2.10 in squeeze, but it is also
present (and the patch is against) unstable's 2.2.12.  I hope that
this bug won't prevent the migration of 2.2.12 to squeeze, which would
be desirable because of the support for Policy 3.8.2 :>

Keep up the good work!


*** strings-on-setid-files.patch
Fix strings run as root on setuid, setgid, or sticky executables.

diff -urN lintian-2.2.12/collection/strings lintian-2.2.12-roam/collection/strings
--- lintian-2.2.12/collection/strings	2009-06-19 03:22:54.000000000 +0300
+++ lintian-2.2.12-roam/collection/strings	2009-06-19 13:01:40.000000000 +0300
@@ -27,7 +27,7 @@
 [ ! -f elf-index ] || rm -f elf-index
 exec >elf-index
-for bin in $(sed -rn 's/:\s+\bELF\b.+$//g;T;p' file-info); do
+for bin in $(sed -rn 's/:\s+((set[ug]id|sticky)\s+)*\bELF\b.+$//g;T;p' file-info); do
     echo "$bin"
     case $bin in

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages lintian depends on:
ii  binutils               2.19.1-1          The GNU assembler, linker and bina
ii  diffstat               1.47-1            produces graph of changes introduc
ii  dpkg-dev               1.15.2            Debian package development tools
ii  file                   5.03-1            Determines file type using "magic"
ii  gettext                0.17-6            GNU Internationalization utilities
ii  intltool-debian        0.35.0+20060710.1 Help i18n of RFC822 compliant conf
ii  libipc-run-perl        0.82-1            Perl module for running processes
ii  libparse-debianchangel 1.1.1-2           parse Debian changelogs and output
ii  libtimedate-perl       1.1600-9          Time and date functions for Perl
ii  liburi-perl            1.37+dfsg-1       Manipulates and accesses URI strin
ii  man-db                 2.5.5-2           on-line manual pager
ii  perl [libdigest-sha-pe 5.10.0-23         Larry Wall's Practical Extraction 

lintian recommends no packages.

Versions of packages lintian suggests:
ii  binutils-multiarch            2.19.1-1   Binary utilities that support mult
ii  libtext-template-perl         1.45-1     Text::Template perl module
ii  man-db                        2.5.5-2    on-line manual pager

-- no debconf information

Attachment: pgptRbJa3CKds.pgp
Description: PGP signature

Reply to: