Re: new snapshot available: coreutils-8.0.108-3aff3

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new snapshot available: coreutils-8.0.108-3aff3

From:	Gilles Espinasse
Subject:	Re: new snapshot available: coreutils-8.0.108-3aff3
Date:	Mon, 16 Nov 2009 08:39:43 +0100

----- Original Message ----- 
From: "Jim Meyering" <address@hidden>
To: "Gilles Espinasse" <address@hidden>
Cc: <address@hidden>
Sent: Sunday, November 15, 2009 9:37 AM
Subject: Re: new snapshot available: coreutils-8.0.108-3aff3

> Gilles Espinasse wrote:
> ...
> >> > Insecure directory in $ENV{PATH} while running with -T switch at -
line
> > 73.
> >>
> >> Is some directory in your $PATH group- or world-writable?
> >
> > should not
> > find `echo "$PATH" | sed 's/:/ /g'` -maxdepth 0 -ls
> > 1331275    4 drwxr-xr-x   2 root     root         4096 Oct 21 23:07
> > /tools_i486/usr/bin
> > 1672609    4 drwxr-xr-x   2 root     root         4096 Nov 14 17:56 /bin
> > 1672645    4 drwxr-xr-x   2 root     root         4096 Nov 14 17:57
/usr/bin
> > 1672640    4 drwxr-xr-x   2 root     root         4096 Nov 14 17:57
/sbin
> > 1672648    4 drwxr-xr-x   2 root     root         4096 Nov 14 17:57
> > /usr/sbin
> > 1672299   12 drwxr-xr-x   2 root     root        12288 Nov 14 17:42
> > /tools_i486/bin
>
> That doesn't show the actual value of your $PATH envvar.
> I'll bet it starts with ":".  *THAT* is definitely insecure.
No
First, I could do in the chroot
perl -e 'print "$ENV{PATH}\n";'
/tools_i486/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/tools_i486/bin

Secondly, in the modified pwd-long test, I was able to run what is strictly
the first part of the test before the 'do ... until (++$i == $n);' so PATH
should be sane to this point.

If I add the 'do ... until (++$i == $n);' part in my changes like in the
patch send, test status is changed to skip
[chroot-i486] root:/usr/src/coreutils-8.0.108-3aff3$ make check -C tests
TESTS=misc/pwd-long VERBOSE=yes
make: Entering directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make  check-TESTS
make[1]: Entering directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make[2]: Entering directory `/usr/src/coreutils-8.0.108-3aff3/tests'
SKIP: misc/pwd-long
====================
All 0 tests passed
(1 test was not run)
====================
make[2]: Leaving directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make[1]: Leaving directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make: Leaving directory `/usr/src/coreutils-8.0.108-3aff3/tests'

So I have not yet found where it fail and why.

Gilles

[Prev in Thread]

Current Thread

[Next in Thread]

new snapshot available: coreutils-8.0.108-3aff3, Jim Meyering, 2009/11/09
- Re: new snapshot available: coreutils-8.0.108-3aff3, Pádraig Brady, 2009/11/09
  - Re: new snapshot available: coreutils-8.0.108-3aff3, Jim Meyering, 2009/11/09
  - Re: new snapshot available: coreutils-8.0.108-3aff3, Eric Blake, 2009/11/09
    - Re: new snapshot available: coreutils-8.0.108-3aff3, Eric Blake, 2009/11/16
- Re: new snapshot available: coreutils-8.0.108-3aff3, Gilles Espinasse, 2009/11/14
  - Re: new snapshot available: coreutils-8.0.108-3aff3, Jim Meyering, 2009/11/14
    - Re: new snapshot available: coreutils-8.0.108-3aff3, Gilles Espinasse, 2009/11/15
    - Re: new snapshot available: coreutils-8.0.108-3aff3, Jim Meyering, 2009/11/15
    - Re: new snapshot available: coreutils-8.0.108-3aff3, Gilles Espinasse <=
    - Re: new snapshot available: coreutils-8.0.108-3aff3, Jim Meyering, 2009/11/16

Prev by Date: [bug #27923] rm -f gives an error when trying to delete a non-existent file on a read-only filesystem
Next by Date: Re: new snapshot available: coreutils-8.0.108-3aff3
Previous by thread: Re: new snapshot available: coreutils-8.0.108-3aff3
Next by thread: Re: new snapshot available: coreutils-8.0.108-3aff3
Index(es):
- Date
- Thread