
Bug#167422: files in /usr/share should be world-readable



>> On Sat, 2 Nov 2002 23:30:02 -0500, Glenn Maynard <glenn@zewt.org> wrote:

    G> I'd suggest closing this bug and filing bugs against the individual
    G> packages.  Perhaps a wishlist bug should be filed against lintian to
    G> check for this, too.

In the case of the emacs add-on packages, devising a lintian test will
not be easy.  Let me explain why here and invite anyone who sees a
good way to resolve the difficulty below to add to (wishlist) bug
report <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167685>,
which I have just filed for lintian.

After this mail, I'll close this bug report and file reports against
as many individual packages as I can find.  Finding such packages
involves the same problem described below of getting lintian to
recognize them.  Lintian (as far as I can tell) doesn't do the actual
install process, but I could try temporarily to install every package
that depends on emacsen | emacs21 | ... and then manually examine
what's in /usr/share.  Please mail me privately if you have a better
method.


Here's why I think it will be hard in some cases for lintian to catch
these files.  From what I can tell, lintian does not perform an actual
install, it just looks at the install scripts and deduces what *will*
be done.  I'm having trouble figuring how to get a script to catch
them all.

The python2.2-2.2.2 source package exhibits the difficulty well, so
I'll use it as an example.  One of the ".deb"s it creates is
python2.2-elisp, which at install-time creates the file
/usr/share/emacs21/site-lisp/python2.2-elisp/install.log with
permissions 600 -- the kind of file we're trying to get lintian to
inhibit.

In the source package, the file ./debian/PVER-elisp.install.in
contains the lines:

    ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
         [...]
    LOG=`tempfile`
         [...]
    $FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
         [...]
    mv -f $LOG $ELCDIR/install.log

The default mode of a file created by "tempfile" is 600 -- this is
how the file with the inappropriate mode is first created.

The problematic source packages for emacs add-ons that I've looked at
seem to have an adapted version of an original script.  Individual
maintainers are copying or adapting their script from a prototype in
an already-existing package: this is how the inappropriate practice of
using "tempfile" and copying it into /usr/share is being continued.

In source packages, there is no standard name in the ./debian
directory for the script that ends up in
/usr/lib/emacsen-common/packages/install/.  I suppose it is more
accurate to say that there is a standard name,
./debian/($pkg\.)?emacsen-install, which is what dh_installemacsen
will automatically pick up, but not all packages use that name or
necessarily have such a script at all.

So here's what I think lintian can do:

   1) find debian/$pkg/usr/share -not -perm -a=r

      This check is easy and will have no false positives; it will
      catch any bad file that is actually included in the .deb (by
      examining the staging tree), but not files generated during
      installation.  We may as well do chmod a+rX on everything in
      /usr/share in dh_fixperms as well as checking this in lintian,
      so I've submitted a wishlist bug to debhelper as well
      <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167708>.

   2) a kludgy check looking for the pattern above in emacs add-on
      package scripts.

      I wrote an example script "check-perms" below (which also checks
      for (1) above).

      This kludge may catch false positives.  The search patterns can
      be made more or less restrictive, of course.  We could look for
      the string "tempfile" without a "-m" or "--mode" inside $(..)
      or `..`, etc.

   3) ??  PLEASE SUGGEST!  Add to bug report
      <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167685>




---------------------snip: check-perms
#!/bin/sh

# invoke this script in a directory of unpacked sources of emacs add-on packages:
#   find -maxdepth 1 -type d -exec check-perms {} \;
# (POSIX sh only; realpath(1) is from the realpath package)

dir="$1"
realdir="$(realpath "$dir")"
# package name: the directory name with its trailing "-<version>" stripped
pkg="$(basename "$(echo "$dir" | sed 's/\(.*\)-.*/\1/')")"

echo "Working on dir $realdir"

if ! [ -d "$dir" ]; then
    printf '\tdoes not exist: OK\n'
    exit 0
fi

cd "$dir" >/dev/null 2>&1 || exit 1

# [A] staging tree(s) that end up in the .deb.  "-perm -444" is true only
#     when all three read bits are set, so its negation lists exactly the
#     entries that are not world-readable (a plain "-perm a=r" would be an
#     exact-mode match and flag every 644 file).
one="debian/$pkg/usr/share"
two="tmp/$pkg/usr/share"
dirs=""
[ -d "$one" ] && dirs="$one"
[ -d "$two" ] && dirs="$dirs $two"
if [ -n "$dirs" ]; then
    printf '\tlooking for files in the staging tree:\n'
    find $dirs ! -perm -444 | while read -r f; do
        printf '\t\t***[A] %s/%s is not world-readable!\n' "$realdir" "$f"
    done
else
    printf '\tno dir usr/share in staging dir(s) %s or %s: OK\n' "$one" "$two"
fi

# [B] the kludgy pattern check on the emacsen-install script(s):
#     awk exits 1 when both halves of the tempfile/install.log pattern occur
if tocheck=$(ls debian/*emacsen?install* 2>/dev/null); then
    printf '\tchecking emacsen-install files:\n'
    for f in $tocheck; do
        if ! awk '/(LOG|log)=`tempfile`/  {part1=1}
                  /mv .*install\.log/    {part2=1}
                  END                    {if (part1 && part2) exit 1}' "$f" >/dev/null 2>&1; then
            printf '\t\t***[B] %s/%s seems to create a file in /usr/share that is not world-readable!\n' "$realdir" "$f"
        else
            printf '\t\tfile %s/%s OK\n' "$realdir" "$f"
        fi
    done
else
    printf '\tno emacsen-install files: OK\n'
fi
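As an added example (not code from this bug report, from lintian, or from debhelper), the script below reproduces the install.log problem described above and then runs the two checks proposed as points (1) and (2) over constructed input. It uses mktemp(1) as a stand-in for Debian's tempfile(1), since both create their file with mode 0600, and assumes a POSIX sh and a find(1) that accepts "! -perm -444". The function names, the "bad"/"good" sample emacsen-install scripts and the log line are all constructed for the example; the fixed variant sets the mode explicitly after the mv, which is equivalent to creating the file with `tempfile -m 644`.

```shell
#!/bin/sh
# Added example: reproduce the 0600 install.log and run checks (1) and (2).
# Assumes mktemp(1) (stand-in for tempfile; both create 0600 files) and a
# find(1) understanding "! -perm -444".  All sample data is constructed.
umask 022

# --- point (1): the staging-tree check ---------------------------------
# Print every entry under $1 lacking at least one read bit.  "-perm -444"
# is true only when r--r--r-- are all set, so the negation lists exactly
# the entries that are not world-readable.
list_not_world_readable() {
    find "$1" ! -perm -444
}

count_not_world_readable() {
    list_not_world_readable "$1" | wc -l | tr -d ' '
}

# Exit 0 when the single path $1 is world-readable.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -444)" ]
}

# --- the install-time pattern from PVER-elisp.install.in ---------------
# Buggy variant: the temp file is created 0600 and mv preserves that mode.
buggy_install() {
    elcdir="$1"
    LOG=$(mktemp)                                   # 0600, like `tempfile`
    echo "byte-compiling foo.el (constructed log line)" >>"$LOG"
    mv -f "$LOG" "$elcdir/install.log"
}

# Fixed variant: set the mode after the move (same effect as tempfile -m 644).
fixed_install() {
    elcdir="$1"
    LOG=$(mktemp)
    echo "byte-compiling foo.el (constructed log line)" >>"$LOG"
    mv -f "$LOG" "$elcdir/install.log"
    chmod 644 "$elcdir/install.log"
}

# --- point (2): the script-pattern check ------------------------------
# Exit 0 (flag the script) when $1 assigns the output of a tempfile call
# that carries no -m/--mode option and later moves something to install.log.
has_tempfile_log_pattern() {
    grep -Eq '=(`|\$\()[[:space:]]*tempfile([[:space:]]|`|\))' "$1" || return 1
    grep -Eq 'tempfile[[:space:]]+.*(-m|--mode)' "$1" && return 1
    grep -Eq 'mv .*install\.log' "$1"
}

# Constructed sample scripts standing in for debian/*.emacsen-install.
write_samples() {
    cat >"$1/bad.emacsen-install" <<'EOF'
#!/bin/sh
ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
LOG=`tempfile`
$FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
mv -f $LOG $ELCDIR/install.log
EOF
    cat >"$1/good.emacsen-install" <<'EOF'
#!/bin/sh
ELCDIR=/usr/share/$FLAVOR/site-lisp/$PACKAGE
LOG=`tempfile -m 644`
$FLAVOR $BATCHFLAGS $PRELOADS $COMPILE >>$LOG 2>&1
mv -f $LOG $ELCDIR/install.log
EOF
}

# Stand-alone demonstration: a throwaway tree with one buggy and one fixed
# install, then both checks reported in the [A]/[B] style of check-perms.
demo() {
    work=$(mktemp -d)
    elc="usr/share/emacs21/site-lisp/python2.2-elisp"
    mkdir -p "$work/bad/$elc" "$work/good/$elc"
    buggy_install "$work/bad/$elc"
    fixed_install "$work/good/$elc"
    printf '[A] not world-readable under bad/usr/share:  %s\n' \
        "$(count_not_world_readable "$work/bad/usr/share")"
    printf '[A] not world-readable under good/usr/share: %s\n' \
        "$(count_not_world_readable "$work/good/usr/share")"
    write_samples "$work"
    for f in "$work"/*.emacsen-install; do
        if has_tempfile_log_pattern "$f"; then
            printf '[B] %s seems to create a non-world-readable install.log\n' "$f"
        else
            printf '    %s OK\n' "$f"
        fi
    done
    rm -rf "$work"
}

demo
```

Running it prints one [A] hit for the buggy tree, none for the fixed one, and flags only bad.emacsen-install under [B]; the pattern check is still the kludge the report describes, since a `tempfile -m` anywhere in the script silences it.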


