Skip to Main content Skip to Navigation
Conference papers

Analysing installation scenarios of Debian packages

Abstract : The Debian distribution includes 28 814 maintainer scripts, almost all of which are written in Posix shell. These scripts are executed with root privileges at installation, update, and removal of a package, which make them critical for system maintenance. While Debian policy provides guidance for package maintainers producing the scripts, few tools exist to check the compliance of a script to it. We report on the application of a formal verification approach based on symbolic execution to find violations of some non-trivial properties required by Debian policy in maintainer scripts. We present our methodology and give an overview of our toolchain. We obtained promising results: our toolchain is effective in analysing a large set of Debian maintainer scripts and it pointed out over 150 policy violations that lead to reports on the Debian Bug Tracking system.
Complete list of metadata

Cited literature [40 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-02355602
Contributor : Claude Marché <>
Submitted on : Friday, September 18, 2020 - 6:47:07 PM
Last modification on : Friday, April 30, 2021 - 9:58:25 AM

File

main.pdf
Publisher files allowed on an open archive

Identifiers

Citation

Benedikt Becker, Nicolas Jeannerod, Claude Marché, Yann Régis-Gianas, Mihaela Sighireanu, et al.. Analysing installation scenarios of Debian packages. TACAS 2020 - 26th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2020, The conference took place on-line, because it couldn't be held in Dublin, Ireland. pp.235-253, ⟨10.1007/978-3-030-45237-7_14⟩. ⟨hal-02355602v2⟩

Share

Metrics

Record views

186

Files downloads

128