[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#405454: [new check] init script in level S must only use commands from /sbin:/bin

Russ Allbery wrote:

> Raphael Geissert writes:
> 
>> Attached patch implements the first part of the test, by only looking
>> for mentions of /var or /usr in the init script. I'll later finish the
>> second part of the check, which relies on the list of /bin and /sbin
>> binaries in the archive.
> 
> I looked at this today, but I'm nervous about false positives since the
> init script checks currently don't have any of the logic that the scripts
> check has to avoid heredocs, conditionals, and so forth.  I'm afraid we'll
> trigger on printed output for the user.
> 
> I'm going to go ahead and apply this, but mark the new tags as
> experimental so that we can run it for a while and see what the results
> look like and if there are a lot of false positives.
> 

I'm fine with marking it as experimental, although I ran it against all the
packages providing init script and didn't find any false positive in those
scripts I verified.

A similar check is being run daily (see http://lintian.d.o/~pere/) and it
has helped file many bug reports without any FP as far as I'm aware of, so
far.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply to: