Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent

To: 911157@bugs.debian.org
Subject: Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent
From: Rhonda D'Vine <rhonda@debian.org>
Date: Tue, 16 Oct 2018 23:12:19 +0200
Message-id: <[🔎] 20181016211219.GA303@anguilla.debian.or.at>
Reply-to: Rhonda D'Vine <rhonda@debian.org>, 911157@bugs.debian.org
In-reply-to: <[🔎] 1539702317.1736175.1543956296.72315849@webmail.messagingengine.com>
References: <[🔎] 20181016144959.GA24218@anguilla.debian.or.at> <[🔎] 1539702317.1736175.1543956296.72315849@webmail.messagingengine.com> <[🔎] 20181016144959.GA24218@anguilla.debian.or.at>

* Chris Lamb <lamby@debian.org> [2018-10-16 17:05:17 CEST]:
> Dear Rhonda,
> 
> Thank you for filing this.

 Sure, no worries. :)

> > https://sources.debian.org/src/proftpd-dfsg/1.3.5d-1/debian/proftpd-basic.postinst/?hl=28#L28
> > is an example from our pool, but there are more.
> 
> This example:
> 
>   https://github.com/FRRouting/frr/blob/master/debianpkg/frr.postinst#L4-L9
> 
> … is also relevant but may not be as-reliably detectable.

 It's nice that you come to the same conclusion about the same code
snippet that I mentioned in my original mail, let me quote myself. :)

,------------------------> original bugreport <------------------------
|  The package where I stumbled upon this had the code a bit more complex,
| I'm unsure how this might be detectable:
| 
| #v+
| PASSWDFILE=/etc/passwd
| GROUPFILE=/etc/group
| 
| frruid=`egrep "^frr:" $PASSWDFILE | awk -F ":" '{ print $3 }'`
| frrgid=`egrep "^frr:" $GROUPFILE | awk -F ":" '{ print $3 }'`
| frrvtygid=`egrep "^frrvty:" $GROUPFILE | awk -F ":" '{ print $3 }'`
| #v-
`------------------------> original bugreport <------------------------

 So, yes, we seem to agree on that. :)

> However, to
> quote IRC:
> 
>   * h01ger agrees that any reference to /etc/passwd or /etc/group is
>     very probably a bug

 Right, though some packages (shadow comes to mind?) might refer to it
with good reasons.  But I'm sure you can check that in lintian labs for
false positives.

 When I look into
https://salsa.debian.org/lintian/lintian/commit/8cbfd096b0 though:

~\b(grep\b.*/etc/(?:passwd|group))\b

 I'm not completely sure about the syntax here, but the \b before the
bracket looks like it wouldn't catch egrep - which is used in the above
example (although it's using a variable instead of the filename so it
wouldn't catch it anyway - but if it would use the filename ... would
that match?

 Enjoy,
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

Reply to:

Follow-Ups:
- Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent
  - From: Chris Lamb <lamby@debian.org>

References:
- Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent
  - From: Rhonda D'Vine <rhonda@debian.org>
- Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Build failed in Jenkins: lintian-tests_sid #3327
Next by Date: Jenkins build is back to normal : lintian-tests_sid #3328
Previous by thread: Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent
Next by thread: Bug#911157: lintian: complain about grepping the passwd/group file instead of using getent
Index(es):
- Date
- Thread