[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug report in test suite
From: |
Bernhard Voelker |
Subject: |
Re: Bug report in test suite |
Date: |
Fri, 19 Nov 2021 20:23:52 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 |
On 11/19/21 01:03, Lahfa Samy wrote:
FAIL: tests/find/execdir-fd-leak.sh
The error message in the logfile is quite clear:
FAIL: tests/find/execdir-fd-leak
================================
find: The current directory is included in the PATH environment variable,
which is insecure in combination \
with the -execdir action of find. Please remove the current directory from your $PATH
(that is, remove ".", \
doubled colons, or leading or trailing colons)
Option -execdir of find leaks file descriptors
oldfind: The current directory is included in the PATH environment variable,
which is insecure in combination \
with the -execdir action of find. Please remove the current directory from your $PATH
(that is, remove ".", \
doubled colons, or leading or trailing colons)
Option -execdir of oldfind leaks file descriptors
FAIL tests/find/execdir-fd-leak.sh (exit status: 1)
I'm getting exactly the same when the PATH variable contains the current directory
".".
This is a security problem, and I've not seen this on any system in the last 15
years.
Still, the test suite should cater for and run in a sane environment.
This could be done in the test setup script 'tests/init.sh' which comes from
gnulib,
as I think this is a useful thing for probably all projects.
Alternatively, the findutils test setup could do it.
Finally, I'm wondering about 2 other topics in the output you provided:
a) When I run `./configure && make && make check` with such a vulnerable
PATH="$PATH:."
setting, then the check already fails earlier in 'find/testsuite/...' tests:
FAIL: sv-bug-27563-execdir.old-O0, /home/berny/tmp/findutils-4.8.0/find/testsuite/../oldfind: The current directory is included in the PATH environment variable, which is insecure in combination
with the -execdir action of find. Please remove the current directory from your $PATH (that is, remove ".", doubled colons, or leading or trailing colons)
FAIL: sv-bug-27563-execdir.old-O0, standard output differs from the expected
result:
--- find.out 2021-11-19 19:13:09.265117146 +0000
+++ cmp.out 2021-11-19 19:13:09.265117146 +0000
@@ -0,0 +1 @@
+./yyyy
child process exited abnormally
b) There are several lines like the following:
> make[1]: env: Permission denied
I can't imagine what would trigger this other than e.g. a strange
cross-compilation environment.
Is there something special about your build?
Have a nice day,
Berny