Package: lintian
Version: 2.106.1
Severity: normal
Tags: patch

Hi,

lintian today showed me the following warning:

  W: hobbit-plugins: non-standard-file-perm etc/sudoers.d/xymon 0440 != 0644

But /etc/sudoers.d/README (at least in Debian 11 Bullseye) reads:

  # Note that there must be at least one file in the sudoers.d directory (this
  # one will do), and all files in this directory should be mode 0440.

Looking at lib/Lintian/Check/Files/Permissions.pm there is already special
handling for files in /etc/sudoers.d/:

  183          # sudo requires sudoers files to be mode oct(440)
  184          if (   $file->name =~ m{^ etc/sudoers.d/ }msx
  185              && $file->operm != $SUDOERS_FILE) {
  186
  187              $self->hint(
  188                  'bad-perm-for-file-in-etc-sudoers.d',$file->name,
  189                  $file->octal_permissions, $NOT_EQUAL,
  190                  sprintf('%04o', $SUDOERS_FILE));
  191
  192              return;
  193          }
  194
  195          $self->hint(
  196              'non-standard-file-perm', $file->name,
  197              $file->octal_permissions, $NOT_EQUAL,
  198              sprintf('%04o', $STANDARD_FILE)
  199          )unless $file->operm == $STANDARD_FILE;

But if the file in /etc/sudoers.d/ has the expected permissions, the
code continues to check against standard permissions instead of
returning already.

So I think that this if clause in line 184/185 needs to be split up to
call return even if the tag is not emitted:

          # sudo requires sudoers files to be mode oct(440)
          if ( $file->name =~ m{^ etc/sudoers.d/ }msx ) {
              if ( $file->operm != $SUDOERS_FILE) {
                  $self->hint(
                      'bad-perm-for-file-in-etc-sudoers.d',$file->name,
                      $file->octal_permissions, $NOT_EQUAL,
                      sprintf('%04o', $SUDOERS_FILE));
              }

              return;
          }

(Code untested. Might work, though. Can also apply and test the code
myself, but I'd appreciate at least a short acknowledgement that the
current code is indeed _not_ working as intended. Probably should get a
test case, too. :-)

Thanks in advance!

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.13.0-trunk-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

lintian recommends no packages.

Versions of packages lintian suggests:
ii  binutils-multiarch     2.37-7
ii  libtext-template-perl  1.60-1

-- no debconf information
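
Added example (not part of the original report and not Lintian's own code): a stand-alone Perl model of the two control flows discussed in the report, run over constructed paths and modes so the difference in emitted tags can be compared side by side. The sub names check_current and check_proposed and the path etc/xymon/some.cfg are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: stand-alone model of the two control flows from the report.
# It does not use Lintian; check_current/check_proposed and the sample
# paths and modes are constructed for illustration.
use strict;
use warnings;

my $STANDARD_FILE = oct(644);
my $SUDOERS_FILE  = oct(440);

# Control flow as quoted from Permissions.pm lines 183-199.
sub check_current {
    my ($name, $operm) = @_;
    if ($name =~ m{^ etc/sudoers.d/ }msx && $operm != $SUDOERS_FILE) {
        return ('bad-perm-for-file-in-etc-sudoers.d');
    }
    return ('non-standard-file-perm') unless $operm == $STANDARD_FILE;
    return ();
}

# Control flow as proposed in the report: always return for sudoers.d files.
sub check_proposed {
    my ($name, $operm) = @_;
    if ($name =~ m{^ etc/sudoers.d/ }msx) {
        return ('bad-perm-for-file-in-etc-sudoers.d')
          if $operm != $SUDOERS_FILE;
        return ();
    }
    return ('non-standard-file-perm') unless $operm == $STANDARD_FILE;
    return ();
}

# Constructed sample files: [path, mode]
my @samples = (
    ['etc/sudoers.d/xymon', oct(440)],    # correct for sudo
    ['etc/sudoers.d/xymon', oct(644)],    # wrong for sudo
    ['etc/xymon/some.cfg',  oct(644)],    # ordinary file, standard mode
    ['etc/xymon/some.cfg',  oct(440)],    # ordinary file, non-standard mode
);

for my $s (@samples) {
    my ($name, $operm) = @{$s};
    printf "%-22s %04o  current: %-36s proposed: %s\n", $name, $operm,
      join(q{,}, check_current($name, $operm))  || '(none)',
      join(q{,}, check_proposed($name, $operm)) || '(none)';
}
```

The only row where the two variants differ is etc/sudoers.d/xymon at 0440: the quoted flow falls through and reports non-standard-file-perm, while the proposed flow reports nothing.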