On Wed, Feb 21, 2001 at 01:17:49PM -1000, Tim Jenness wrote:
> > This can be solved by using t/tmp instead of File::Spec->tmpdir.
> > t/lib/ftmp-security.t can create t/tmp and chmod it the way it likes,
> > then run tempfile() with it as the DIR. At the end, it can delete it.
> >
>
> Only partly. We've thought of this before but HIGH security involves
> testing all the parent directories not just the one containing the
> directory itself. t/tmp will not fix the problem if the parent dir is
> "unsafe".

Crap. This is one of those odd cases where it seems necessary to
almost totally reimplement the code in order to test it.

Damn, chroot() would solve this, but it's root-only. Well, you could
add a test which tries to chroot to t/ if the test is run as root.

Ok, I'd say that doing a test for a safe temp directory under HIGH
security is right out for the discussed reasons. However, we can do a
test for an *unsafe* temp directory under HIGH security. Simply
create a ringer in t/tmp and make sure File::Temp rejects it properly.
Something that tests the dir-walking properties of _is_very_safe(), like:

    t/tmp/safe/safe/unsafe/safe/safe/

--
Michael G Schwern <[EMAIL PROTECTED]> http://www.pobox.com/~schwern/
Perl6 Quality Assurance <[EMAIL PROTECTED]> Kwalitee Is Job One
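
Added example, not part of the original message or of File::Temp's test suite: a sketch of the ringer test proposed above, built around the safe/safe/unsafe/safe/safe layout. The helper `first_unsafe_dir` and the scratch directory standing in for t/tmp are assumptions made for illustration.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);
use File::Path qw(make_path);
use File::Temp qw(tempdir tempfile);
use Test::More tests => 2;

# Hypothetical helper (not File::Temp's own code): walk from $dir up to the
# filesystem root and return the first directory that is owned by someone
# other than root or us, or is group/world-writable without the sticky bit.
sub first_unsafe_dir {
    my $dir = abs_path(shift);
    while (1) {
        my @st = stat $dir or return $dir;    # cannot stat: treat as unsafe
        my ($mode, $uid) = @st[2, 4];
        return $dir if $uid != 0 && $uid != $>;
        return $dir if ($mode & 0022) && !($mode & 01000);
        my $parent = dirname($dir);
        return undef if $parent eq $dir;      # reached the root, all safe
        $dir = $parent;
    }
}

# Constructed tree: a scratch directory stands in for t/tmp, and the
# "unsafe" component is the ringer (world-writable, no sticky bit).
my $base   = abs_path(tempdir(CLEANUP => 1));
my $ringer = "$base/safe/safe/unsafe";
my $leaf   = "$ringer/safe/safe";
make_path($leaf);
chmod 0755, "$base/safe", "$base/safe/safe", "$ringer/safe", $leaf;
chmod 0777, $ringer;

# Checked on its own the leaf passes; only the walk exposes the ringer.
ok(!((stat $leaf)[2] & 0022), 'leaf directory alone looks safe');
my $found = first_unsafe_dir($leaf);
is($found, $ringer, 'walk up the parents stops at the ringer');

# File::Temp at HIGH is documented to walk the parents only where chown()
# giveaway is possible, so its verdict is reported here rather than asserted.
File::Temp->safe_level(File::Temp::HIGH);
my $fh = eval { (tempfile(DIR => $leaf, UNLINK => 1))[0] };
diag($fh ? 'File::Temp accepted the leaf' : "File::Temp rejected it: $@");
```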