From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE,RDNS_NONE,SPF_PASS autolearn=no autolearn_force=no
	version=3.4.2
Received: (qmail 10633 invoked from network); 12 Mar 2020 18:12:07 -0000
Received-SPF:  pass (primenet.com.au: domain of zsh.org
  designates 203.24.36.2 as permitted sender)
  receiver=inbox.vuxu.org; client-ip=203.24.36.2
  envelope-from=<zsh-workers-return-45542-ml=inbox.vuxu.org@zsh.org>
Received: from unknown (HELO primenet.com.au) (203.24.36.2)
  by inbox.vuxu.org with ESMTP; 12 Mar 2020 18:12:07 -0000
Received: (qmail 12709 invoked by alias); 12 Mar 2020 18:12:02 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
List-Unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
X-Seq: 45542
Received: (qmail 7778 invoked by uid 1010); 12 Mar 2020 18:12:02 -0000
X-Qmail-Scanner-Diagnostics: from mail-qk1-f194.google.com by f.primenet.com.au (envelope-from <dana@dana.is>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.102.2/25744. spamassassin: 3.4.2.  
 Clear:RC:0(209.85.222.194):SA:0(-1.9/5.0):. 
 Processed in 3.046225 secs); 12 Mar 2020 18:12:02 -0000
X-Envelope-From: dana@dana.is
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
Received-SPF: pass (ns1.primenet.com.au: SPF record at _netblocks.google.com designates 209.85.222.194 as permitted sender)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=RZsAOhcE3maIH6aUmgX495vAUIA4vOTQwuiA6qV+Dxs=;
        b=p7mnmi01TqJHIG/aQWGdvkh5RjsTvrRzTerI/58xakjMfo9sBrhSyXnz/zYCzukDxy
         P/Mha9uhg0e427zscN1nkoekIsB9UBeLAZvm0oLYkhGsboEUKtPtqjm6PTQ7MDUZlVot
         kRKttQHehtNra+5pcw3uUWQghz0h3nazssR5d/REWvRuQ9Ce4uU2D6a/q3Y8rqPYExoD
         Xi2Zx4v/8cuSy0en623MeDBEpxASRim8yi00yn5J1mO4dVqVwixdINSvPZa1ZYzpjRd6
         evYj1hMz3yL01/hRRZck1CoqHYDirz65ceIgHNKXKOYzlY2AZkk8wrU3eIWfaRR6W3GR
         mpEA==
X-Gm-Message-State: ANhLgQ0DOMgW57hBDCgIOGoQdZEXDxD4m/l5uRj9KRuttyf7Q/cWsD4K
	mbFFpYouLXcV+f6VdLuy55cobHCFf+c=
X-Google-Smtp-Source: ADFU+vs7Fkg4d1MPThVLoY759aShv/xLAsHDWtUOyWt86WY2Zt664y951u7XwVz6NH9mSGyHf7VTQA==
X-Received: by 2002:a37:404d:: with SMTP id n74mr9024153qka.73.1584036685968;
        Thu, 12 Mar 2020 11:11:25 -0700 (PDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Subject: Re: P01privileged fails on CentOS/Fedora (a simple permission issue)
From: dana <dana@dana.is>
In-Reply-To: <CAH+w=7aoZXJAtuNH6MtgZ50oxsCQAzT3NCmNVdRqksOyFOdq=w@mail.gmail.com>
Date: Thu, 12 Mar 2020 13:11:23 -0500
Cc: "Jun. T" <takimoto-j@kba.biglobe.ne.jp>,
 Zsh hackers list <zsh-workers@zsh.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F4775DE-00AB-49DA-A12C-72E13B60C1F5@dana.is>
References: <2682CEC4-4890-4363-A5F0-0431CBCF0C97@kba.biglobe.ne.jp>
 <4563882F-8ACF-4C81-848B-021FE393FBBF@kba.biglobe.ne.jp>
 <A9880145-4EFD-4375-B028-BFD52BBA6063@dana.is>
 <CAH+w=7aoZXJAtuNH6MtgZ50oxsCQAzT3NCmNVdRqksOyFOdq=w@mail.gmail.com>
To: Bart Schaefer <schaefer@brasslantern.com>
X-Mailer: Apple Mail (2.3445.104.11)


On 11 Mar 2020, at 15:26, Bart Schaefer <schaefer@brasslantern.com> =
wrote:
> What about reading the UID/GID of the directory to assign defaults of
> ZSH_TEST_UNPRIVILEGED_UID and ZSH_TEST_UNPRIVILEGED_GID?

Thanks. Had to double-check this.

This will help, if (1) we use the directory owner for the EUID and (2) =
we get
rid of anything in the test file that tries to set the test shell's EUID =
to
something besides the owner or root.

Right now, only the very first test (the one that failed for Jun) does =
that. I
*think* it's probably fine to eliminate it, since it's a bit redundant =
in this
particular case... but it'll break again if we ever try to re-add a =
similar
check.

I guess i'm OK with that if everyone else is.

dana


diff --git a/Test/P01privileged.ztst b/Test/P01privileged.ztst
index c54112bb6..7c4a1be35 100644
--- a/Test/P01privileged.ztst
+++ b/Test/P01privileged.ztst
@@ -13,8 +13,13 @@
 # same requirements here.)
 #
 # If either of the aforementioned environment variables is not set, the =
test
-# script will try to pick the first two >0 IDs from the passwd/group =
databases
-# on the current system.
+# script will try to use the UID/GID of the test directory, if not 0, =
for the
+# two effective IDs. (This is intended to work around issues that might =
occur
+# when e.g. the test directory lives under a home directory with mode =
0700.
+# Unfortunately, if this is the case, it will not be possible to use =
anything
+# besides the directory owner or root as the test shell's EUID -- =
maintainers
+# take note.) Otherwise, the script will pick the first >0 ID(s) from =
the
+# passwd/group databases on the current system.
 #
 # If either variable is set, the tests will run, but they will likely =
fail
 # without super-user privileges.
@@ -45,10 +50,12 @@
     euid=3D${ZSH_TEST_UNPRIVILEGED_UID##*:}
   else
     print -ru$ZTST_fd 'Selecting unprivileged UID:EUID pair =
automatically'
+    # See above for why we do this
+    zmodload -sF zsh/stat b:zstat && euid=3D${"$( zstat +uid -- =
$ZTST_testdir )":#0}
     local tmp=3D$( getent passwd 2> /dev/null || < /etc/passwd )
     # Note: Some awks require -v and its argument to be separate
-    ruid=3D$( awk -F:            '$3 > 0 { print $3; exit; }' <<< $tmp =
)
-    euid=3D$( awk -F: -v u=3D$ruid '$3 > u { print $3; exit; }' <<< =
$tmp )
+    ruid=3D$( awk -F: -v u=3D${euid:-0} '$3 > 0 && $3 !=3D u { print =
$3; exit; }' <<< $tmp )
+    euid=3D${euid:-"$( awk -F: -v u=3D$ruid '$3 > u { print $3; exit; =
}' <<< $tmp )"}
   fi
   #
   if [[ -n $ZSH_TEST_UNPRIVILEGED_GID ]]; then
@@ -56,10 +63,12 @@
     egid=3D${ZSH_TEST_UNPRIVILEGED_GID##*:}
   else
     print -ru$ZTST_fd 'Selecting unprivileged GID:EGID pair =
automatically'
+    # See above again -- this shouldn't have the same impact as the =
UID, though
+    zmodload -sF zsh/stat b:zstat && egid=3D${"$( zstat +gid -- =
$ZTST_testdir )":#0}
     local tmp=3D$( getent group 2> /dev/null || < /etc/group )
     # Note: Some awks require -v and its argument to be separate
-    rgid=3D$( awk -F:            '$3 > 0 { print $3; exit; }' <<< $tmp =
)
-    egid=3D$( awk -F: -v g=3D$rgid '$3 > g { print $3; exit; }' <<< =
$tmp )
+    rgid=3D$( awk -F: -v g=3D${egid:-0} '$3 > 0 && $3 !=3D g { print =
$3; exit; }' <<< $tmp )
+    egid=3D${egid:=3D"$( awk -F: -v g=3D$rgid '$3 > g { print $3; exit; =
}' <<< $tmp )"}
   fi
   #
   [[ $ruid/$euid =3D=3D <1->/<1-> && $ruid !=3D $euid ]] || ruid=3D =
euid=3D
@@ -134,11 +143,9 @@
=20
 %test
=20
-  re_zsh $ruid $ruid -1 -1 'echo $UID/$EUID $options[privileged]'
   re_zsh $euid $euid -1 -1 'echo $UID/$EUID $options[privileged]'
   re_zsh $ruid $euid -1 -1 'echo $UID/$EUID $options[privileged]'
 0q:PRIVILEGED automatically enabled when RUID !=3D EUID
->$ruid/$ruid off
 >$euid/$euid off
 >$ruid/$euid on
=20=