[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch] coreutils-5.97: tests/rm/fail-eperm fix
From: |
Jim Meyering |
Subject: |
Re: [patch] coreutils-5.97: tests/rm/fail-eperm fix |
Date: |
Thu, 28 Sep 2006 15:34:58 +0200 |
Tim Waugh <address@hidden> wrote:
> I discovered that the rm/fail-eperm test can fail if a temporary file
> owned by another user gets selected for attempted deletion when that
> filename contains a space.
Hi Tim,
Thank you for the report and patch.
The problem is actually bigger.
Here's what I've done:
2006-09-28 Jim Meyering <address@hidden>
* tests/rm/fail-eperm: Enable Perl's (-T) taint checking.
Ensure that IFS is set properly and unset PATH.
Sanitize inputs.
Work properly even when the name of the selected file starts with "-".
Invoke rm via "../../src/rm", and adjust expected output.
Prompted by a patch from Tim Waugh.
Index: tests/rm/fail-eperm
===================================================================
RCS file: /fetish/cu/tests/rm/fail-eperm,v
retrieving revision 1.16
diff -u -r1.16 fail-eperm
--- tests/rm/fail-eperm 17 Aug 2006 19:58:36 -0000 1.16
+++ tests/rm/fail-eperm 28 Sep 2006 13:27:41 -0000
@@ -3,7 +3,7 @@
# Ensure that rm gives the expected diagnostic when failing to remove a file
# owned by some other user in a directory with the sticky bit set.
-# Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.
+# Copyright (C) 2002, 2003, 2004, 2006 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -43,7 +43,7 @@
ARGV_0=$0
export ARGV_0
-exec $PERL -w -- - << \EOP
+exec $PERL -Tw -- - << \EOP
require 5.003;
use strict;
@@ -54,7 +54,12 @@
# Ensure that the diagnostics are in English.
$ENV{LC_ALL} = 'C';
+# Set up a safe, well-known environment
+delete $ENV{PATH};
+$ENV{IFS} = '';
+
my @dir_list = qw(/tmp /var/tmp /usr/tmp);
+my $rm = '../../src/rm';
# Find a directory with the sticky bit set.
my $found_dir;
@@ -71,6 +76,11 @@
foreach my $f (readdir DIR_HANDLE)
{
+ # Consider only names containing "safe" characters.
+ $f =~ /^(address@hidden)$/
+ or next;
+ $f = $1; # untaint $f
+
my $target_file = "$dir/$f";
$verbose
and warn "$ME: considering $target_file\n";
@@ -86,7 +96,7 @@
# Invoke rm on this file and ensure that we get the
# expected exit code and diagnostic.
- my $cmd = "rm -f $target_file";
+ my $cmd = "$rm -f -- $target_file";
open RM, "$cmd 2>&1 |"
or die "$ME: cannot execute `$cmd'\n";
@@ -98,7 +108,7 @@
or die "$ME: unexpected exit status from `$cmd';\n"
. " got $status, expected 1\n";
- my $exp = "rm: cannot remove `$target_file':";
+ my $exp = "$rm: cannot remove `$target_file':";
$line
or die "$ME: no output from `$cmd';\n"
. "expected something like `$exp ...'\n";