bug-findutils

Re: Bug report in test suite


From: Bernhard Voelker
Subject: Re: Bug report in test suite
Date: Sun, 28 Nov 2021 00:50:37 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0

On 11/19/21 20:23, Bernhard Voelker wrote:
> I'm getting exactly the same when the PATH variable contains the current directory ".".
> This is a security problem, and I've not seen this on any system in the last 15 years.
>
> Still, the test suite should cater for and run in a sane environment.
> This could be done in the test setup script 'tests/init.sh' which comes from gnulib,
> as I think this is a useful thing for probably all projects.

Done with this gnulib commit:

  http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=d50912b6c
  test-framework-sh: remove unsafe entries from PATH

and picked up in findutils with this commit:

  https://git.sv.gnu.org/cgit/findutils.git/commit/?id=0dd5eaa3
  maint: update gnulib to latest

>    FAIL: sv-bug-27563-execdir.old-O0, /home/berny/tmp/findutils-4.8.0/find/testsuite/../oldfind: The current directory is included in the PATH environment variable, which is insecure in combination with the -execdir action of find.  Please remove the current directory from your $PATH (that is, remove ".", doubled colons, or leading or trailing colons)
>    FAIL: sv-bug-27563-execdir.old-O0, standard output differs from the expected result:
>    --- find.out       2021-11-19 19:13:09.265117146 +0000
>    +++ cmp.out        2021-11-19 19:13:09.265117146 +0000
>    @@ -0,0 +1 @@
>    +./yyyy
>    child process exited abnormally

Fixed with:

  https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=94e91f60f
  tests: skip -execdir test if PATH contains unsafe directory

Have a nice day,
Berny
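
Added example, not part of the original message and not the code from the gnulib or findutils commits referenced above: one way a test setup script could strip the PATH entries that find's -execdir check rejects. The function names sanitize_path and path_is_unsafe are hypothetical; besides ".", and the empty entries produced by doubled, leading or trailing colons, it also drops every other relative entry, which is a stricter assumption than the message states.

```sh
#!/bin/sh
# Added illustration; function names are hypothetical, not gnulib's.

# sanitize_path PATHSTRING
# Print PATHSTRING with every entry that is not an absolute directory removed.
# Dropped: "" (from "::", a leading ":" or a trailing ":"), "." and any
# other relative entry such as "bin" or "../tools".
# The body runs in a subshell so its variables do not leak to the caller.
sanitize_path() (
  rest=$1
  out=
  while :; do
    case $rest in
      *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
      *)   entry=$rest; more=0 ;;   # last (or only) entry
    esac
    case $entry in
      /*) out=${out:+$out:}$entry ;;  # keep absolute entries, in order
    esac
    [ "$more" -eq 1 ] || break
  done
  printf '%s\n' "$out"
)

# path_is_unsafe PATHSTRING
# Succeeds (exit 0) when sanitizing would change the string, i.e. when it
# contains at least one entry that sanitize_path drops.
path_is_unsafe() {
  [ "$(sanitize_path "$1")" != "$1" ]
}

# Typical use at the top of a test setup script:
#   if path_is_unsafe "$PATH"; then
#     PATH=$(sanitize_path "$PATH"); export PATH
#   fi
```
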


