FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 10-05-2012, 09:35 PM
Jakub Wilk
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

* Andreas Beckmann <debian@abeckmann.de>, 2012-10-05, 23:16:
I haven't made a detailed analysis, yet, and cannot say how many
packages would be affected. Right now I have about 100 candidate
piuparts logs that should cover /var/run and /var/lock, but I haven't
sorted them in "buggy", "depends on buggy", "other problem". I expect
the buggy category to be around a dozen.


Lintian should be able to spot all the buggy ones, shouldn't it?

http://lintian.debian.org/tags/dir-or-file-in-run.html
http://lintian.debian.org/tags/dir-or-file-in-var-run.html
http://lintian.debian.org/tags/dir-or-file-in-var-lock.html

Would it be appropriate to file RC bugs against all the packages
shipping anything in /var/run, /var/lock or /run?


IMO, yes.

--
Jakub Wilk


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20121005213553.GA6401@jwilk.net">http://lists.debian.org/20121005213553.GA6401@jwilk.net
 
Old 10-05-2012, 09:46 PM
Andreas Beckmann
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On 2012-10-05 23:35, Jakub Wilk wrote:
> Lintian should be able to spot all the buggy ones, shouldn't it?
Good point.

> http://lintian.debian.org/tags/dir-or-file-in-run.html
0 :-)

> http://lintian.debian.org/tags/dir-or-file-in-var-run.html
28 (6 overridden)

> http://lintian.debian.org/tags/dir-or-file-in-var-lock.html
6 (1 overridden)

Anyone who wants to take this easy job? Since I don't have to analyze
piuparts logs for getting the data ...


Andreas


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 506F5541.9080504@abeckmann.de">http://lists.debian.org/506F5541.9080504@abeckmann.de
 
Old 10-05-2012, 10:14 PM
Ben Hutchings
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On Fri, Oct 05, 2012 at 11:35:53PM +0200, Jakub Wilk wrote:
> * Andreas Beckmann <debian@abeckmann.de>, 2012-10-05, 23:16:
> >I haven't made a detailed analysis, yet, and cannot say how many
> >packages would be affected. Right now I have about 100 candidate
> >piuparts logs that should cover /var/run and /var/lock, but I
> >haven't sorted them in "buggy", "depends on buggy", "other
> >problem". I expect the buggy category to be around a dozen.
>
> Lintian should be able to spot all the buggy ones, shouldn't it?
>
> http://lintian.debian.org/tags/dir-or-file-in-run.html
> http://lintian.debian.org/tags/dir-or-file-in-var-run.html
> http://lintian.debian.org/tags/dir-or-file-in-var-lock.html
[...]

Seems like these should be added to ftp-master autorejects.

Ben.

--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20121005221432.GO13292@decadent.org.uk">http://lists.debian.org/20121005221432.GO13292@decadent.org.uk
 
Old 10-06-2012, 07:16 AM
Thomas Goirand
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On 10/06/2012 05:46 AM, Andreas Beckmann wrote:
Anyone who wants to take this easy job? Since I don't have to analyze
piuparts logs for getting the data ... Andreas

Hi,

I'll try to send bugs *with patches* over this week end.

Thomas Goirand (zigo)


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 506FDAE2.30909@debian.org">http://lists.debian.org/506FDAE2.30909@debian.org
 
Old 10-07-2012, 03:29 PM
Thomas Goirand
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On 10/06/2012 03:16 PM, Thomas Goirand wrote:

On 10/06/2012 05:46 AM, Andreas Beckmann wrote:
Anyone who wants to take this easy job? Since I don't have to analyze
piuparts logs for getting the data ... Andreas

Hi,

I'll try to send bugs *with patches* over this week end.

Thomas Goirand (zigo)



This is done. For each package in the lists I sent a bug report
with a proposed debdiff. Since the var/run folder is to be used
at runtime, I couldn't always tell where to add the relevant
mkdir calls, but that was pretty rare. In most cases, adding it
into debian/<package>.init was enough, and often, then mkdir
was there already (even with the package shipping the folder).
Also, some package were using dpkg-statoverride. I believe it
doesn't make sense for something in /var/run.

After doing this work, I also believe that ftp-master should
reject any package shipping a folder /var/run/<package>.
On the 28 packages which I wrote a patch for, none seemed to
have valid reasons to ship that folder. Even those who were
having a lintian override file. So at least blocking if there's
no override seem to me the correct thing to do.

Cheers,

Thomas Goirand (zigo)


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 50719FC3.2000006@debian.org">http://lists.debian.org/50719FC3.2000006@debian.org
 
Old 10-07-2012, 05:21 PM
Julien Cristau
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On Fri, Oct 5, 2012 at 23:16:05 +0200, Andreas Beckmann wrote:

> Hi,
>
> I haven't made a detailed analysis, yet, and cannot say how many
> packages would be affected. Right now I have about 100 candidate
> piuparts logs that should cover /var/run and /var/lock, but I haven't
> sorted them in "buggy", "depends on buggy", "other problem". I expect
> the buggy category to be around a dozen.
>
> Would it be appropriate to file RC bugs against all the packages
> shipping anything in /var/run, /var/lock or /run?
>
No, there's nothing wrong with that.

Cheers,
Julien
 
Old 10-08-2012, 10:33 AM
Thomas Goirand
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On 10/08/2012 01:21 AM, Julien Cristau wrote:

On Fri, Oct 5, 2012 at 23:16:05 +0200, Andreas Beckmann wrote:


Hi,

I haven't made a detailed analysis, yet, and cannot say how many
packages would be affected. Right now I have about 100 candidate
piuparts logs that should cover /var/run and /var/lock, but I haven't
sorted them in "buggy", "depends on buggy", "other problem". I expect
the buggy category to be around a dozen.

Would it be appropriate to file RC bugs against all the packages
shipping anything in /var/run, /var/lock or /run?


No, there's nothing wrong with that.

Cheers,
Julien

Lintian (and myself) do not agree with you. Lintian
considers it a "Serious" problem. And so does the policy
manual in which you can read:
"Packages must not include files or directories under /run,
or under the older /var/run and /var/lock paths."

It's perfectly fine to me that the release team decides
what is RC or not (even if I don't agree, it's your call...),
but these are still "must not" in the wording of the policy.

Cheers,

Thomas


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 5072ABF8.6030309@debian.org">http://lists.debian.org/5072ABF8.6030309@debian.org
 
Old 10-08-2012, 10:40 AM
Mehdi Dogguy
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On 08/10/2012 12:33, Thomas Goirand wrote:
> On 10/08/2012 01:21 AM, Julien Cristau wrote:
>> On Fri, Oct 5, 2012 at 23:16:05 +0200, Andreas Beckmann wrote:
>>
>>> Hi,
>>>
>>> I haven't made a detailed analysis, yet, and cannot say how many
>>> packages would be affected. Right now I have about 100 candidate
>>> piuparts logs that should cover /var/run and /var/lock, but I
>>> haven't sorted them in "buggy", "depends on buggy", "other
>>> problem". I expect the buggy category to be around a dozen.
>>>
>>> Would it be appropriate to file RC bugs against all the packages
>>> shipping anything in /var/run, /var/lock or /run?
>>>
>> No, there's nothing wrong with that.
>>
> […]
>
> It's perfectly fine to me that the release team decides what is RC or
> not (even if I don't agree, it's your call...), […]

Julien answered the question though and you don't seem to disagree (by
reading your mail).

--
Mehdi Dogguy مهدي الدڤي


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 5072AD96.30805@dogguy.org">http://lists.debian.org/5072AD96.30805@dogguy.org
 
Old 10-08-2012, 06:15 PM
Michael Gilbert
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

On Mon, Oct 8, 2012 at 6:33 AM, Thomas Goirand wrote:
> On 10/08/2012 01:21 AM, Julien Cristau wrote:
>>> Would it be appropriate to file RC bugs against all the packages
>>> shipping anything in /var/run, /var/lock or /run?
>>>
>> No, there's nothing wrong with that.
>>
>> Cheers,
>> Julien
>
> Lintian (and myself) do not agree with you. Lintian
> considers it a "Serious" problem. And so does the policy
> manual in which you can read:
>
> "Packages must not include files or directories under /run,
> or under the older /var/run and /var/lock paths."

The thing is that it really does no harm if a package actually does
this; although it is pretty pointless since those files will be gone
after reboot. So, even though policy says "must not", it's not really
a problem in practice, so important is probably a more appropriate
severity at this point in the release process.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CANTw=MO8SnuhQBRHmw9mQke8GZv0YTVNrz-mpcPgq-=BJGYYrg@mail.gmail.com
 
Old 10-08-2012, 06:27 PM
Jakub Wilk
 
Default possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

* Michael Gilbert <mgilbert@debian.org>, 2012-10-08, 14:15:
"Packages must not include files or directories under /run, or under
the older /var/run and /var/lock paths."
The thing is that it really does no harm if a package actually does
this


Given that /var/lock is world-writable in Debian, and that dpkg follows
symlinks to directories, at least shipping directories in /var/lock is
almost certainly a security hole. (Fortunately, this is mitigated by the
protected_symlinks feature of the recent kernels.)


--
Jakub Wilk


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20121008182724.GA2540@jwilk.net">http://lists.debian.org/20121008182724.GA2540@jwilk.net
 

Thread Tools




All times are GMT. The time now is 11:41 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org