Re: shellutils grave bug
James Troup <james@nocrew.org> writes:
> Julian Gilbey <J.D.Gilbey@qmw.ac.uk> writes:
>
> > Four or five bug reports have just been submitted because the i386
> > port of shellutils (just uploaded by the autobuilder, I would guess
> > -- haven't checked) has a non-setuid-root su.
>
> Sorry, about this. FWIW, I do test install all daemon built base
> packages (regardless of architecture) before uploading them, I just
> didn't catch this (and wouldn't, I never/rarely run an unsudoed su).
Can I use this opportunity to suggest that you add the following test
script to shellutils:
---</usr/lib/debian-test/tests/shellutils>---
#!/usr/bin/perl
use Debian::DebianTest ;
sub test_su_perms {
my ($dev,$inode,$mode,@therest) = stat("/bin/su") ;
printf "/bin/su's mode = 0%o\n", $mode ;
return (0104755 == $mode) ;
}
runtest("/bin/su perms", \&test_su_perms) ;
---------------------------------------------
and install the debian-test package, and run ``debian-test -a'' after
your test install.
I know the current battery of tests is totally feeble, but until people
start adding tests like this whenever bugs pop up, they're going to
stay feeble.
If on the other hand simple tests like this are added, as bugs occur,
we can pretty much guarantee we'll only see each bug once.
Cheers, Phil.
Reply to: