Bug#405454: [new check] init script in level S must only use commands from /sbin:/bin

To: Raphael Geissert <geissert@debian.org>
Cc: 405454@bugs.debian.org
Subject: Bug#405454: [new check] init script in level S must only use commands from /sbin:/bin
From: Russ Allbery <rra@debian.org>
Date: Thu, 24 Dec 2009 17:22:58 -0800
Message-id: <[🔎] 87y6krg83x.fsf@windlord.stanford.edu>
Reply-to: Russ Allbery <rra@debian.org>, 405454@bugs.debian.org
In-reply-to: <200909161751.37239.geissert@debian.org> (Raphael Geissert's message of "Wed, 16 Sep 2009 17:51:36 -0500")
References: <200909161751.37239.geissert@debian.org>

Raphael Geissert <geissert@debian.org> writes:

> Attached patch implements the first part of the test, by only looking
> for mentions of /var or /usr in the init script. I'll later finish the
> second part of the check, which relies on the list of /bin and /sbin
> binaries in the archive.

I looked at this today, but I'm nervous about false positives since the
init script checks currently don't have any of the logic that the scripts
check has to avoid heredocs, conditionals, and so forth.  I'm afraid we'll
trigger on printed output for the user.

I'm going to go ahead and apply this, but mark the new tags as
experimental so that we can run it for a while and see what the results
look like and if there are a lot of false positives.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Prev by Date: Processed: limit source to lintian, tagging 560005
Next by Date: [SCM] Debian package checker branch, master, updated. 2.2.18-58-g6574892
Previous by thread: Processed: limit source to lintian, tagging 560005
Next by thread: Bug#405454: [new check] init script in level S must only use commands from /sbin:/bin
Index(es):
- Date
- Thread