Re: [patch] coreutils-5.97: tests/rm/fail-eperm fix

[Jim Meyering]

Tim Waugh <address@hidden> wrote:
> I discovered that the rm/fail-eperm test can fail if a temporary file
> owned by another user gets selected for attempted deletion when that
> filename contains a space.

Hi Tim,

Thank you for the report and patch.
The problem is actually bigger.
Here's what I've done:

2006-09-28  Jim Meyering  <address@hidden>

        * tests/rm/fail-eperm: Enable Perl's (-T) taint checking.
        Ensure that IFS is set properly and unset PATH.
        Sanitize inputs.
        Work properly even when the name of the selected file starts with "-".
        Invoke rm via "../../src/rm", and adjust expected output.
        Prompted by a patch from Tim Waugh.

Index: tests/rm/fail-eperm
===================================================================
RCS file: /fetish/cu/tests/rm/fail-eperm,v
retrieving revision 1.16
diff -u -r1.16 fail-eperm
--- tests/rm/fail-eperm 17 Aug 2006 19:58:36 -0000      1.16
+++ tests/rm/fail-eperm 28 Sep 2006 13:27:41 -0000
@@ -3,7 +3,7 @@
 # Ensure that rm gives the expected diagnostic when failing to remove a file
 # owned by some other user in a directory with the sticky bit set.

-# Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.
+# Copyright (C) 2002, 2003, 2004, 2006 Free Software Foundation, Inc.

 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -43,7 +43,7 @@
 ARGV_0=$0
 export ARGV_0

-exec $PERL -w -- - << \EOP
+exec $PERL -Tw -- - << \EOP
 require 5.003;
 use strict;

@@ -54,7 +54,12 @@
 # Ensure that the diagnostics are in English.
 $ENV{LC_ALL} = 'C';

+# Set up a safe, well-known environment
+delete $ENV{PATH};
+$ENV{IFS}  = '';
+
 my @dir_list = qw(/tmp /var/tmp /usr/tmp);
+my $rm = '../../src/rm';

 # Find a directory with the sticky bit set.
 my $found_dir;
@@ -71,6 +76,11 @@

        foreach my $f (readdir DIR_HANDLE)
          {
+           # Consider only names containing "safe" characters.
+           $f =~ /^(address@hidden)$/
+             or next;
+           $f = $1;    # untaint $f
+
            my $target_file = "$dir/$f";
            $verbose
              and warn "$ME: considering $target_file\n";
@@ -86,7 +96,7 @@

            # Invoke rm on this file and ensure that we get the
            # expected exit code and diagnostic.
-           my $cmd = "rm -f $target_file";
+           my $cmd = "$rm -f -- $target_file";
            open RM, "$cmd 2>&1 |"
              or die "$ME: cannot execute `$cmd'\n";

@@ -98,7 +108,7 @@
              or die "$ME: unexpected exit status from `$cmd';\n"
                . "  got $status, expected 1\n";

-           my $exp = "rm: cannot remove `$target_file':";
+           my $exp = "$rm: cannot remove `$target_file':";
            $line
              or die "$ME: no output from `$cmd';\n"
                . "expected something like `$exp ...'\n";