[Piuparts-devel] Bug#993801: piuparts testbed is missing debianutils: why?
Georges Khaznadar
georgesk at debian.org
Mon Sep 6 18:25:30 BST 2021
Package: piuparts
Version: 1.1.4
Severity: normal
Dear Maintainer,
I discovered recently that piupart's testbed is missing the command `tempfile`,
which
I was using to write a a backup of a database to /var/tmp in a postrm script.
I wonder why the tesbed is missing this package, which is part of Debian's
essential packages, as reported by `aptitude search '?priority(required)'`
If `tempfile` is not part of piupart's testbed, is there a recommended way to
create an
unpredictable file name, in order to save backup data without a risk of
vulnerability?
(if my postrm script writes to a predictable file name like /var/tmp/foo,
somebody
can create in advance a link with this name, to access backup information,
which results in
an unexpected data leak)
-- System Information:
Debian Release: 11.0
APT prefers stable
APT policy: (900, 'stable'), (500, 'stable-security'), (400, 'unstable'),
(100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_BAD_PAGE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages piuparts depends on:
ii debootstrap 1.0.123
ii debsums 3.0.2
ii libjs-sphinxdoc 3.4.3-2
ii lsb-release 11.1.0
ii lsof 4.93.2+dfsg-1.1
ii mount 2.36.1-8
ii piuparts-common 1.1.4
ii python3 3.9.2-3
ii python3-debian 0.1.39
Versions of packages piuparts recommends:
ii adequate 0.15.6
Versions of packages piuparts suggests:
ii docker.io 20.10.5+dfsg1-1+b5
pn schroot <none>
More information about the Piuparts-devel
mailing list