[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug report in test suite

From: Bernhard Voelker
Subject: Re: Bug report in test suite
Date: Sun, 28 Nov 2021 00:50:37 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0

On 11/19/21 20:23, Bernhard Voelker wrote:
> I'm getting exactly the same when the PATH variable contains the current 
> directory ".".
> This is a security problem, and I've not seen this on any system in the last 
> 15 years.
> Still, the test suite should cater for and run in a sane environment.
> This could be done in the test setup script 'tests/init.sh' which comes from 
> gnulib,
> as I think this is a useful thing for probably all projects.

Done with this gnulib commit:

  test-framework-sh: remove unsafe entries from PATH

and picked up in findutils with this commit:

  maint: update gnulib to latest

>    FAIL: sv-bug-27563-execdir.old-O0, 
> /home/berny/tmp/findutils-4.8.0/find/testsuite/../oldfind: The current 
> directory is included in the PATH environment variable, which is insecure in 
> combination 
> with   the -execdir action of find.  Please remove the current directory from 
> your $PATH (that is, remove ".", doubled colons, or leading or trailing 
> colons)
>    FAIL: sv-bug-27563-execdir.old-O0, standard output differs from the 
> expected result:
>    --- find.out       2021-11-19 19:13:09.265117146 +0000
>    +++ cmp.out        2021-11-19 19:13:09.265117146 +0000
>    @@ -0,0 +1 @@
>    +./yyyy
>    child process exited abnormally

Fixed with:

  tests: skip -execdir test if PATH contains unsafe directory

Have a nice day,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]