[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#657076: Updating and maintaining barry in Debian / Ubuntu

On Fri, May 11, 2012, intrigeri wrote:
> Next review round results in:

Thanks :-)


> 1. debian/copyright may be syntaxically correct, but it looks weird
>    compared to how people usually put things in there.
>    Attached patch fixes this. Please consider applying it.

I applied the patch, with a slight change.

I didn't realize that the License section could be all by itself,
so thanks for that!


> 2. I don't think "src/vformat.{h,c}" is supported syntax in a Files:
>    field in debian/copyright.

Probably not, according to the spec.  I changed it to list both files
separately.


> 3. The homepage set in debian/control is not the same as the one set
>    in debian/copyright. This looks wrong.

The one in copyright, under the Source: field, is where you get the source
code, while the one in control, under Homepage, is where you find the
welcome and documentation.  I've updated copyright to make this clearer.


> 4. barrydesktop Suggests: gksu. How usable is it without gksu?

I picked Suggests so that it would be easy to install without gksu.
It is for the modem mode, and if the user is a member of the dip group,
then it is not needed.  But if not, the desktop warns the user to add
themselves to the same group used by /usr/sbin/pppd, and then offers a
way to continue anyway, by calling gksu.


> 5. It seems to me BARRY_FIFO_NAME is handled in a way that opens
>    avenues to symlink attacks. Am I wrong? Files in world-writable
>    directories must be treated with care.

I believe it is safe.  Here is the comment I added to the code in git to
explain my reasoning:

                // Security Note:
                // --------------
                // This should be safe from symlink attacks, since
                // mkfifo(), in the constructor, will fail if any other
                // file or symlink already exists, and therefore we will
                // never get to this open() call if that fails.  And if
                // mkfifo() succeeds, then we are guaranteed (assuming /tmp
                // permissions are correct) that only root or our own
                // user can replace the fifo with something else, such
                // as a symlink.
                //
                // The server side is not intended to run as root, yet
                // if it is, then we are still safe, due to the above logic.
                // The client side can run as root (depending on what pppd
                // does with pppob), and has no control over creation of
                // the fifo, but only opens it for reading, never for
                // creation or writing. (See FifoClient() below.)
                //
                // Therefore, we can only be attacked, via symlink,
                // by root or ourselves.
                //
                int fd = open(BARRY_FIFO_NAME, O_WRONLY | O_NONBLOCK);
                if( fd == -1 ) {
			...


> Also, Lintian in "--info --display-info --pedantic" mode still outputs
> a bunch of relevant comments.

In my testing there were only info statements, which for the most part
I thought could be ignored.  I beefed up the descriptions a bit to
avoid the extended-description-is-probably-too-short message.

For desktop-entry-contains-encoding-key, I added overrides with the
following explanation:

   # The encoding key is set to UTF-8, and this is the default, and according
   # to lintian help text, this is harmless.  For the sake of simplicity
   # and backward compatibility, it has been left in.

For no-symbols-control-file, I did some research, and found that it is
pretty tricky business to accomplish this for C++ libraries.  I added
overrides with the following message:

   # Barry is a C++ library, and as such it encounters similar struggles
   # as documented here: http://www.eyrie.org/~eagle/journal/2012-01/008.html
   # and here: http://www.eyrie.org/~eagle/journal/2012-02/001.html
   # As well, Barry already uses the ABI Compliance Checker from
   # linuxtesting.org to discover ABI/API breaks, and intends to bump the
   # major number each time, and has had this policy since 0.17.x.
   # See the following page for details:
   # http://linuxtesting.org/upstream-tracker/versions/barry.html

Those were all the lintian messages that I found on my sid testing.



Since these issues only affected the debian/ directory, I spun a version
0.18.1-2 and have released it here:

   http://sourceforge.net/projects/barry/files/barry/barry-0.18.1/sources/

I assume we can label the changelog version anything we want, until we
actually perform our first upload, and then it is written in stone.
Otherwise I have to bump the upstream version, and I'd prefer to avoid
that if possible, as it wastes space on sourceforge.net.

Let me know what you think.

Thanks,
- Chris
Reply to: