Re: stable coreutils-8.1 today, fingers crossed


From: Jim Meyering
Subject: Re: stable coreutils-8.1 today, fingers crossed
Date: Thu, 19 Nov 2009 10:24:47 +0100

Andreas Schwab wrote:

> FAIL: rm/fail-eperm (exit: 255)
> ===============================
>
> fail-eperm: considering /tmp/.
> fail-eperm: considering /tmp/.X11-unix
> fail-eperm: considering /tmp/missings-glibc-devel
> Insecure directory in $ENV{PATH} while running with -T switch at ./rm/fail-eperm line 88.
>
> FAIL: misc/pwd-long (exit: 255)
> ===============================
>
> Insecure directory in $ENV{PATH} while running with -T switch at - line 73.

BTW, here's a small example:

This shows that my default $PATH is fine. Blindly untainting it is good enough:

$ perl -Te '$ENV{PATH}=~/(.*)/;$ENV{PATH}="$1";`/bin/true`'
$

However, when I add /tmp to it, even at the end, Perl's taint-checking detects the problem and refuses to fork the sub-shell, because that would be risky:

$ PATH=$PATH:/tmp perl -Te '$ENV{PATH}=~/(.*)/;$ENV{PATH}="$1";`/bin/true`'
Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.
[Exit 255 (0)]

Oh, and here's one more change I'm squashing into the fix:

diff --git a/tests/misc/pwd-long b/tests/misc/pwd-long index da86dbf..df1590c 100755 --- a/tests/misc/pwd-long +++ b/tests/misc/pwd-long @@ -60,7 +60,7 @@ $ENV{IFS} = '';

Taint checking requires a sanitized PATH.ThisscriptperformsnoPATH. This script performs no PATH.ThisscriptperformsnoPATH

search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.

However, on Cygwin, it's used to find cygwin.dll, so set it.

-$ENV{'PATH'} = '/bin:/usr/bin'; +$ENV{PATH} = '/bin:/usr/bin';

Save CWD's device and inode numbers.

my ($dev, $ino) = (stat '.')[0, 1]; diff --git a/tests/rm/fail-eperm b/tests/rm/fail-eperm index f803c69..16811c2 100755 --- a/tests/rm/fail-eperm +++ b/tests/rm/fail-eperm @@ -38,7 +38,7 @@ $ENV{IFS} = '';

Taint checking requires a sanitized PATH.ThisscriptperformsnoPATH. This script performs no PATH.ThisscriptperformsnoPATH

search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.

However, on Cygwin, it's used to find cygwin.dll, so set it.

-$ENV{'PATH'} = '/bin:/usr/bin'; +$ENV{PATH} = '/bin:/usr/bin';

my @dir_list = qw(/tmp /var/tmp /usr/tmp); my rm="rm = "rm="ENV{abs_top_builddir}/src/rm";
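
Review bot: in the tests/misc/pwd-long hunk the removed and added lines differ only in how the hash key is written (`$ENV{'PATH'}` versus `$ENV{PATH}`), and both name the same element in Perl, so the assigned value '/bin:/usr/bin' is unchanged. The commit log for the squashed fix should say this part is a style cleanup, so that nobody reads it as the cure for the "Insecure directory" failure. The comment above the assignment also says it is fine "simply to clear" PATH while the code always sets it; wording along the lines of "set it to a fixed value everywhere, since Cygwin needs it" would match what the code does.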
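
Review bot: in the tests/rm/fail-eperm hunk the trailing context builds the rm path from `$ENV{abs_top_builddir}`, which is environment data and therefore tainted under -T, and the visible lines do not show it being untainted. Worth confirming that this happens before the value reaches a command, and with a pattern narrower than the `/(.*)/` used in the demonstration above. The three comment lines and the assignment are also identical to those in the pwd-long hunk, so a shared test helper would keep the two scripts from drifting apart.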
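
The PATH condition that Perl reports in the message above can be checked before a taint-mode script is run. The shell function below is an added example, not part of the original message or of coreutils; the name `audit_path` is hypothetical, and it applies the rule documented in perlsec (every PATH directory must be absolute and not writable by others), additionally flagging empty entries.

```shell
#!/bin/sh
# Added example: report PATH entries that would make "perl -T" refuse to run
# a subprocess with "Insecure directory in $ENV{PATH}".

# audit_path PATHSTRING
# Prints "<reason>: <entry>" for each offending entry.
# Returns 0 when every entry is acceptable, 1 otherwise.
audit_path() {
    rc=0
    # An empty PATH has no entries to object to (the tests above discuss
    # clearing PATH for exactly this reason).
    [ -n "$1" ] || return 0
    # Append ':' so the loop also visits the last entry.
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            /*) ;;   # absolute, go on to the permission check
            *)  # Relative entry. An empty entry means "current directory"
                # to the shell, so it is reported here as well.
                printf 'relative: %s\n' "${dir:-<empty>}"
                rc=1
                continue ;;
        esac
        # World-writable check (mode & 0002). -H follows a symlinked entry,
        # as stat() does; -prune keeps find from descending into it.
        # A directory that does not exist is not reported.
        if [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
            printf 'world-writable: %s\n' "$dir"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample value: the safe default with /tmp appended, as in the
# message above. /tmp is normally mode 1777; the sticky bit does not exempt it.
audit_path "/bin:/usr/bin:/tmp" || echo "taint mode would reject this PATH"
```
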