Re: [PATCH] tests: misc/sort-exit-early: do not run as root.

coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] tests: misc/sort-exit-early: do not run as root.

From:	Jim Meyering
Subject:	Re: [PATCH] tests: misc/sort-exit-early: do not run as root.
Date:	Thu, 30 Aug 2012 11:15:59 +0200

Nick Alcock wrote:
> This test requires an unwritable input and an unreadable output,
> so will fail if the testsuite is being run as root, and should
> not be run in this case.
> ---
>  tests/misc/sort-exit-early | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/tests/misc/sort-exit-early b/tests/misc/sort-exit-early
> index 7470aad..b83a489 100755
> --- a/tests/misc/sort-exit-early
> +++ b/tests/misc/sort-exit-early
> @@ -19,6 +19,8 @@
>  . "${srcdir=.}/init.sh"; path_prepend_ ../src
>  print_ver_ sort
>
> +skip_if_root_

Thanks for the testing and especially for the fix.

A word of caution:

There have been exploitable flaws (albeit rare) in these tests over
the years, and if you had regularly run all of them as root on a shared
system, it might have been easy to exploit.  The root-only tests are
more carefully audited, precisely because we regularly run them as root.

I recommend to run only the designated "root-only" tests as root:
(from README)

    Running tests as root:
    ----------------------

    If you run the tests as root, note that a few of them create files
    and/or run programs as a non-root user, 'nobody' by default.
    If you want to use some other non-root username, specify it via
    the NON_ROOT_USERNAME environment variable.  Depending on the
    permissions with which the working directories have been created,
    using 'nobody' may fail, because that user won't have the required
    read and write access to the build and test directories.
    I find that it is best to unpack and build as a non-privileged
    user, and then to run the following command as that user in order
    to run the privilege-requiring tests:

      sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root

    If you can run the tests as root, please do so and report any
    problems.  We get much less test coverage in that mode, and it's
    arguably more important that these tools work well when run by
    root than when run by less privileged users.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] tests: misc/sort-exit-early: do not run as root., Nick Alcock, 2012/08/29
- Re: [PATCH] tests: misc/sort-exit-early: do not run as root., Pádraig Brady, 2012/08/29
- Re: [PATCH] tests: misc/sort-exit-early: do not run as root., Jim Meyering <=
  - Re: [PATCH] tests: misc/sort-exit-early: do not run as root., Nick Alcock, 2012/08/30

Prev by Date: Re: sort: new feature: use environment variable to set buffer size
Next by Date: Re: [PATCH 00/22] Towards a non-recursive build system for coreutils?
Previous by thread: Re: [PATCH] tests: misc/sort-exit-early: do not run as root.
Next by thread: Re: [PATCH] tests: misc/sort-exit-early: do not run as root.
Index(es):
- Date
- Thread