Re: Bug report in test suite

bug-findutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug report in test suite

From:	Bernhard Voelker
Subject:	Re: Bug report in test suite
Date:	Fri, 19 Nov 2021 20:23:52 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0

On 11/19/21 01:03, Lahfa Samy wrote:

FAIL: tests/find/execdir-fd-leak.sh


The error message in the logfile is quite clear:

  FAIL: tests/find/execdir-fd-leak
  ================================

  find: The current directory is included in the PATH environment variable, 
which is insecure in combination \
  with the -execdir action of find.  Please remove the current directory from your $PATH 
(that is, remove ".", \
  doubled colons, or leading or trailing colons)
  Option -execdir of find leaks file descriptors
  oldfind: The current directory is included in the PATH environment variable, 
which is insecure in combination \
  with the -execdir action of find.  Please remove the current directory from your $PATH 
(that is, remove ".", \
  doubled colons, or leading or trailing colons)
  Option -execdir of oldfind leaks file descriptors
  FAIL tests/find/execdir-fd-leak.sh (exit status: 1)

I'm getting exactly the same when the PATH variable contains the current directory 
".".
This is a security problem, and I've not seen this on any system in the last 15 
years.

Still, the test suite should cater for and run in a sane environment.
This could be done in the test setup script 'tests/init.sh' which comes from 
gnulib,
as I think this is a useful thing for probably all projects.
Alternatively, the findutils test setup could do it.

Finally, I'm wondering about 2 other topics in the output you provided:

a) When I run `./configure && make && make check` with such a vulnerable 
PATH="$PATH:."
setting, then the check already fails earlier in 'find/testsuite/...' tests:

FAIL: sv-bug-27563-execdir.old-O0, /home/berny/tmp/findutils-4.8.0/find/testsuite/../oldfind: The current directory is included in the PATH environment variable, which is insecure in combinationwith the -execdir action of find. Please remove the current directory from your $PATH (that is, remove ".", doubled colons, or leading or trailing colons)

  FAIL: sv-bug-27563-execdir.old-O0, standard output differs from the expected 
result:
  --- find.out  2021-11-19 19:13:09.265117146 +0000
  +++ cmp.out   2021-11-19 19:13:09.265117146 +0000
  @@ -0,0 +1 @@
  +./yyyy
  child process exited abnormally

b) There are several lines like the following:

> make[1]: env: Permission denied

I can't imagine what would trigger this other than e.g. a strange 
cross-compilation environment.
Is there something special about your build?

Have a nice day,
Berny

[Prev in Thread]

Current Thread

[Next in Thread]

Bug report in test suite, Lahfa Samy, 2021/11/18
- Re: Bug report in test suite, Bernhard Voelker <=
  - Re: Bug report in test suite, Bernhard Voelker, 2021/11/27

Prev by Date: Bug report in test suite
Next by Date: [bug #60383] [feature-request] let find read files from stdin or file.
Previous by thread: Bug report in test suite
Next by thread: Re: Bug report in test suite
Index(es):
- Date
- Thread