Re: stable coreutils-8.1 today, fingers crossed

Thu, 19 Nov 2009 01:25:09 -0800 

Andreas Schwab wrote:

> FAIL: rm/fail-eperm (exit: 255)
> ===============================
>
> fail-eperm: considering /tmp/.
> fail-eperm: considering /tmp/.X11-unix
> fail-eperm: considering /tmp/missings-glibc-devel
> Insecure directory in $ENV{PATH} while running with -T switch at 
> ./rm/fail-eperm line 88.
>
> FAIL: misc/pwd-long (exit: 255)
> ===============================
>
> Insecure directory in $ENV{PATH} while running with -T switch at - line 73.

BTW, here's a small example:

This shows that my default $PATH is fine.
Blindly untainting it is good enough:

    $ perl -Te '$ENV{PATH}=~/(.*)/;$ENV{PATH}="$1";`/bin/true`'
    $

However, when I add /tmp to it, even at the end,
Perl's taint-checking detects the problem and refuses
to fork the sub-shell, because that would be risky:

    $ PATH=$PATH:/tmp perl -Te '$ENV{PATH}=~/(.*)/;$ENV{PATH}="$1";`/bin/true`'
    Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.
    [Exit 255 (0)]

Oh, and here's one more change I'm squashing into the fix:

diff --git a/tests/misc/pwd-long b/tests/misc/pwd-long
index da86dbf..df1590c 100755
--- a/tests/misc/pwd-long
+++ b/tests/misc/pwd-long
@@ -60,7 +60,7 @@ $ENV{IFS}  = '';
 # Taint checking requires a sanitized $PATH.  This script performs no $PATH
 # search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
 # However, on Cygwin, it's used to find cygwin.dll, so set it.
-$ENV{'PATH'} = '/bin:/usr/bin';
+$ENV{PATH} = '/bin:/usr/bin';

 # Save CWD's device and inode numbers.
 my ($dev, $ino) = (stat '.')[0, 1];
diff --git a/tests/rm/fail-eperm b/tests/rm/fail-eperm
index f803c69..16811c2 100755
--- a/tests/rm/fail-eperm
+++ b/tests/rm/fail-eperm
@@ -38,7 +38,7 @@ $ENV{IFS}  = '';
 # Taint checking requires a sanitized $PATH.  This script performs no $PATH
 # search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
 # However, on Cygwin, it's used to find cygwin.dll, so set it.
-$ENV{'PATH'} = '/bin:/usr/bin';
+$ENV{PATH} = '/bin:/usr/bin';

 my @dir_list = qw(/tmp /var/tmp /usr/tmp);
 my $rm = "$ENV{abs_top_builddir}/src/rm";

Reply via email to