Re: stable coreutils-8.1 today, fingers crossed
From: Jim Meyering
Subject: Re: stable coreutils-8.1 today, fingers crossed
Date: Thu, 19 Nov 2009 10:24:47 +0100
Andreas Schwab wrote:
> FAIL: rm/fail-eperm (exit: 255)
> ===============================
>
> fail-eperm: considering /tmp/.
> fail-eperm: considering /tmp/.X11-unix
> fail-eperm: considering /tmp/missings-glibc-devel
> Insecure directory in $ENV{PATH} while running with -T switch at
> ./rm/fail-eperm line 88.
>
> FAIL: misc/pwd-long (exit: 255)
> ===============================
>
> Insecure directory in $ENV{PATH} while running with -T switch at - line 73.
BTW, here's a small example:
This shows that my default $PATH is fine.
Blindly untainting it is good enough:
$ perl -Te '$ENV{PATH}=~/(.*)/;$ENV{PATH}="$1";`/bin/true`'
$
However, when I add /tmp to it, even at the end,
Perl's taint-checking detects the problem and refuses
to fork the sub-shell, because that would be risky:
$ PATH=$PATH:/tmp perl -Te '$ENV{PATH}=~/(.*)/;$ENV{PATH}="$1";`/bin/true`'
Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.
[Exit 255 (0)]
Oh, and here's one more change I'm squashing into the fix:
diff --git a/tests/misc/pwd-long b/tests/misc/pwd-long
index da86dbf..df1590c 100755
--- a/tests/misc/pwd-long
+++ b/tests/misc/pwd-long
@@ -60,7 +60,7 @@ $ENV{IFS} = '';
# Taint checking requires a sanitized $PATH. This script performs no $PATH
# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
# However, on Cygwin, it's used to find cygwin.dll, so set it.
-$ENV{'PATH'} = '/bin:/usr/bin';
+$ENV{PATH} = '/bin:/usr/bin';
# Save CWD's device and inode numbers.
my ($dev, $ino) = (stat '.')[0, 1];
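Review bot: The comment above the changed assignment explains why PATH cannot simply be cleared (Cygwin needs it to find cygwin.dll) but ends at "so set it" without saying what it is set to or why '/bin:/usr/bin' is the right value. The edit itself only changes the key quoting from $ENV{'PATH'} to $ENV{PATH}, which matches the $ENV{IFS} = ''; style visible in the hunk header, so it would be worth rewording the comment in the same commit to state that PATH is replaced with a fixed literal list of system directories rather than derived from the inherited value.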
diff --git a/tests/rm/fail-eperm b/tests/rm/fail-eperm
index f803c69..16811c2 100755
--- a/tests/rm/fail-eperm
+++ b/tests/rm/fail-eperm
@@ -38,7 +38,7 @@ $ENV{IFS} = '';
# Taint checking requires a sanitized $PATH. This script performs no $PATH
# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
# However, on Cygwin, it's used to find cygwin.dll, so set it.
-$ENV{'PATH'} = '/bin:/usr/bin';
+$ENV{PATH} = '/bin:/usr/bin';
my @dir_list = qw(/tmp /var/tmp /usr/tmp);
my $rm = "$ENV{abs_top_builddir}/src/rm";
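Review bot: The three-line comment and the $ENV{PATH} = '/bin:/usr/bin'; assignment in this hunk are identical to the ones in tests/misc/pwd-long, so every fix to the sanitizing has to be made twice; consider moving the IFS/PATH setup into one shared snippet that both taint-mode tests load. Separately, the context line my $rm = "$ENV{abs_top_builddir}/src/rm"; builds a command path from an environment variable, and nothing in the visible lines shows that value being untainted or validated before use, which is worth confirming while touching this block.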
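The message above shows Perl's -T mode rejecting a PATH that contains /tmp. The following shell function is an added example, not part of the original message or of the coreutils test suite; it lists the PATH entries that would trip that check, using the rule documented in perlsec (each entry must be absolute and not writable by anyone other than its owner and group). The function names and the sample directories are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the coreutils tests): report PATH entries that
# would trip Perl's "Insecure directory in $ENV{PATH}" check under -T.
# Rule taken from perlsec: every entry must be an absolute path and must not
# be writable by anyone other than its owner and group.

# insecure_path_dirs PATHSTRING
# Prints "<reason>: <entry>" for each offending entry; prints nothing if clean.
insecure_path_dirs() {
    # A trailing ':' is an empty entry (current directory) that word
    # splitting would otherwise drop silently.
    case $1 in *:) printf 'relative: (empty entry)\n' ;; esac
    _old_ifs=$IFS; IFS=:; set -f
    for _d in $1; do
        case $_d in
            '') printf 'relative: (empty entry)\n'; continue ;;
            /*) ;;
            *)  printf 'relative: %s\n' "$_d"; continue ;;
        esac
        # This sketch skips entries that do not exist (nothing to inspect).
        _mode=$(ls -ldL -- "$_d" 2>/dev/null) || continue
        # Ninth character of the mode string is the "other" write bit;
        # a sticky bit, as /tmp usually has, does not change the verdict.
        case $_mode in
            ????????w*) printf 'world-writable: %s\n' "$_d" ;;
        esac
    done
    set +f; IFS=$_old_ifs
}

# path_is_taint_safe PATHSTRING: exit status 0 only when nothing is reported.
path_is_taint_safe() {
    [ -z "$(insecure_path_dirs "$1")" ]
}

# Constructed sample: a private directory and a /tmp-like one (mode 1777).
demo() {
    _t=$(mktemp -d) || return 1
    mkdir "$_t/bin" "$_t/scratch"
    chmod 755 "$_t/bin"; chmod 1777 "$_t/scratch"
    insecure_path_dirs "$_t/bin:$_t/scratch:."
    rm -rf "$_t"
}
demo
```

Running `insecure_path_dirs "$PATH"` before invoking a taint-mode script shows which entries to drop, which is the situation the fixed `'/bin:/usr/bin'` assignment in the patch avoids.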