Andreas Schwab wrote:
> FAIL: rm/fail-eperm (exit: 255)
> ===============================
>
> fail-eperm: considering /tmp/.
> fail-eperm: considering /tmp/.X11-unix
> fail-eperm: considering /tmp/missings-glibc-devel
> Insecure directory in $ENV{PATH} while running with -T switch at
> ./rm/fail-eperm line 88.
>
> FAIL: misc/pwd-long (exit: 255)
> ===============================
>
> Insecure directory in $ENV{PATH} while running with -T switch at - line 73.
Thanks for the reports.
I wish I'd realized this was a general problem *before* the release,
but it's not a big deal. Think of this as a feature.
It is warning you that you have a search PATH containing an
other-writable directory. That is a pretty serious vulnerability
if there's a chance anyone (or anything) malicious ever gains
access to your system.
This was introduced by 0cc0424119ec66c9005fb905cc1001a64b978ce3,
to avoid test failures on Cygwin. Unfortunately, if you have an insecure
PATH, you now lose on Linux, even though those tests don't search
PATH at all. Before, PATH was simply unset, but that wasn't portable
to Cygwin.
Here's a patch that avoids failure even if you have
an insecure PATH directory, and should also work on Cygwin:
>From ce9ff50623ad010fb52c3a4bf18a232eb875137c Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyer...@redhat.com>
Date: Thu, 19 Nov 2009 10:13:22 +0100
Subject: [PATCH] tests: avoid spurious failures due to insecure directory in
PATH
These tests perform no PATH search, and used to simply delete PATH from
the environment. However, that is not portable, as seen on Cygwin,
where cygwin.dll must be resolvable via PATH when starting a sub-shell.
With commit 0cc04241, we took the alternate approach of untaining the
incoming $ENV{PATH}, but that fails when it contains an other-writable
directory. Instead, now we hard code it to '/bin:/usr/bin'.
* tests/misc/pwd-long: Hard code $ENV{PATH} to a safe value.
* tests/rm/fail-eperm: Likewise.
Reported by Gilles Espinasse, Andreas Schwab, and Bauke Jan Douma.
---
tests/misc/pwd-long | 10 +++++-----
tests/rm/fail-eperm | 10 +++++-----
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/tests/misc/pwd-long b/tests/misc/pwd-long
index c67db02..da86dbf 100755
--- a/tests/misc/pwd-long
+++ b/tests/misc/pwd-long
@@ -56,11 +56,11 @@ sub normalize_to_cwd_relative ($$$)
# Set up a safe, well-known environment
delete @ENV{qw(BASH_ENV CDPATH ENV)};
$ENV{IFS} = '';
-# PATH is tricky - we can't just clear it, or cygwin will fail. But we
-# can't use it as-is, or taint checking in `` will stop us. For this
-# script, it is enough to scrub the incoming $PATH first.
-$ENV{'PATH'} =~ /(.*)/;
-$ENV{'PATH'} = "$1";
+
+# Taint checking requires a sanitized $PATH. This script performs no $PATH
+# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
+# However, on Cygwin, it's used to find cygwin.dll, so set it.
+$ENV{'PATH'} = '/bin:/usr/bin';
# Save CWD's device and inode numbers.
my ($dev, $ino) = (stat '.')[0, 1];
diff --git a/tests/rm/fail-eperm b/tests/rm/fail-eperm
index 36192c2..f803c69 100755
--- a/tests/rm/fail-eperm
+++ b/tests/rm/fail-eperm
@@ -34,11 +34,11 @@ $ENV{LC_ALL} = 'C';
# Set up a safe, well-known environment
delete @ENV{qw(BASH_ENV CDPATH ENV)};
$ENV{IFS} = '';
-# PATH is tricky - we can't just clear it, or cygwin will fail. But we
-# can't use it as-is, or taint checking in `` will stop us. For this
-# script, it is enough to scrub the incoming $PATH first.
-$ENV{'PATH'} =~ /(.*)/;
-$ENV{'PATH'} = "$1";
+
+# Taint checking requires a sanitized $PATH. This script performs no $PATH
+# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
+# However, on Cygwin, it's used to find cygwin.dll, so set it.
+$ENV{'PATH'} = '/bin:/usr/bin';
my @dir_list = qw(/tmp /var/tmp /usr/tmp);
my $rm = "$ENV{abs_top_builddir}/src/rm";
--
1.6.5.3.433.g11067
