List-Id: Zsh Workers List
X-Seq: 46174
Date: Fri, 3 Jul 2020 13:04:31 +0000
From: Daniel Shahaf
To: zsh-workers@zsh.org
Subject: [PATCH */2] test harness: Plug a symlink attack
Message-ID: <20200703130431.GA910@tarpaulin.shahaf.local2>

See the log messages for details.

Reviewed pre-commit by, at least, Peter, Mikael, and Axel. Thanks for the reviews.

Cheers,

Daniel

8<--8<--
>From 3e200e7b5440c8039d0fa20b25e3867d45fc1328 Mon Sep 17 00:00:00 2001
From: Daniel Shahaf
Date: Thu, 2 Jul 2020 17:40:18 +0000
Subject: [PATCH 1/2] test harness: Plug a symlink attack

The test harness created tempfiles with predictable names and sourced them without verifying they had been created by itself. This opened anyone who ran the test suite to symlink attacks from other local users on the build machine.

Fix this by creating the file whilst NO_CLOBBER and ERR_EXIT are both in scope, to ensure that we'll abort unless the file really was created as expected.

Put the existing rm(1) call in a try/always block to help it be unlinked on test failures, thus reducing the chances of the NO_CLOBBER check triggering on tempfiles created by earlier test suite runs.

I had first tried to fix this by using the . () { ... } =(:) . idiom, but couldn't get that to work: it broke the %prep code of X03 with ZTST_verbose unset (its default value) but not with ZTST_verbose=3. (I tried to set the latter to debug zpty_flush.)

While there, add a needed-in-principle-but-noop-in-this-specific-case (q).

Indentation will be restored in the next commit.

--- Test/comptest | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Test/comptest b/Test/comptest index 166d0b404..4a5fcb4ba 100644 --- a/Test/comptest +++ b/Test/comptest
@@ -112,17 +112,25 @@ zpty_run() { } comptesteval () { + { + # Avoid symlink attacks on the predictable filename + # TODO: either use =(:) or create this file in the tests' workdir local tmp=/tmp/comptest.$$ + () { + setopt localoptions NO_CLOBBER ERR_EXIT + print -lr - "$@" > $tmp + } "$@" - print -lr - "$@" > $tmp # zpty_flush Before comptesteval - zpty -w zsh ". $tmp" + zpty -w zsh ". ${(q)tmp}" zpty -r -m zsh log_eval "**" || { print "prompt hasn't appeared." return 1 } zpty_flush After comptesteval + } always { rm $tmp + } } comptest () { >From ab7a359edb77f9748ed5d8b8d3eb3c94279c3bdc Mon Sep 17 00:00:00 2001 From: Daniel Shahaf Date: Thu, 2 Jul 2020 17:48:08 +0000 Subject: [PATCH 2/2] test harness: Restore indentation after the previous commit. No functional change. --- Test/comptest | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/Test/comptest b/Test/comptest index 4a5fcb4ba..b14d4c959 100644 --- a/Test/comptest +++ b/Test/comptest @@ -112,25 +112,25 @@ zpty_run() { } comptesteval () { - { - # Avoid symlink attacks on the predictable filename - # TODO: either use =(:) or create this file in the tests' workdir - local tmp=/tmp/comptest.$$ - () { - setopt localoptions NO_CLOBBER ERR_EXIT - print -lr - "$@" > $tmp - } "$@" + { + # Avoid symlink attacks on the predictable filename + # TODO: either use =(:) or create this file in the tests' workdir + local tmp=/tmp/comptest.$$ + () { + setopt localoptions NO_CLOBBER ERR_EXIT + print -lr - "$@" > $tmp + } "$@" - # zpty_flush Before comptesteval - zpty -w zsh ". ${(q)tmp}" - zpty -r -m zsh log_eval "**" || { - print "prompt hasn't appeared." - return 1 - } - zpty_flush After comptesteval - } always { - rm $tmp - } + # zpty_flush Before comptesteval + zpty -w zsh ". ${(q)tmp}" + zpty -r -m zsh log_eval "**" || { + print "prompt hasn't appeared." + return 1 + } + zpty_flush After comptesteval + } always { + rm $tmp + } } comptest () {
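Review bot: in the first patch's hunk, `local tmp=/tmp/comptest.$$` still names a predictable path in a shared directory, so the NO_CLOBBER/ERR_EXIT creation changes a pre-existing file at that path from something that gets sourced into something that aborts the run; the test suite can still be stopped by whoever creates that path first. Resolving the TODO on the line above it (creating the file in the tests' workdir, or using =(:)) would remove the dependency on the shared directory altogether. Separately, `rm $tmp` in the `always` block does not distinguish a file this call created from one that was already there; setting a flag once the anonymous function has returned, and removing only when it is set, would keep the cleanup limited to the harness's own file.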
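The creation step the commit message describes, rendered in POSIX sh as an added example (not code from the patch or from the zsh project): `set -C` stands in for zsh's NO_CLOBBER and an explicit `|| return 1` for ERR_EXIT. The function names and the scratch-directory demo are hypothetical.

```shell
#!/bin/sh
# Added example: POSIX sh analogue of "create under noclobber, abort on failure".

# create_exclusive PATH LINE...
# Writes LINEs to PATH only if PATH does not already exist. Under noclobber
# (set -C) the '>' redirection fails on a pre-existing regular file, a symlink
# to one, or a dangling symlink, instead of writing through it.
create_exclusive() {
    ce_path=$1
    shift
    (
        set -C
        printf '%s\n' "$@" > "$ce_path"
    ) 2>/dev/null
}

# source_own_tempfile DIR LINE...
# Hypothetical harness step: create DIR/comptest.$$, source it, then unlink it.
# Returns 1 without sourcing anything if the file could not be created by us.
source_own_tempfile() {
    so_tmp=$1/comptest.$$
    shift
    create_exclusive "$so_tmp" "$@" || return 1
    . "$so_tmp"
    so_status=$?
    rm -f -- "$so_tmp"
    return "$so_status"
}

# demo: exercises both cases inside a private scratch directory
# (all file contents here are constructed sample input).
demo() {
    scratch=$(mktemp -d) || return 1
    # Case 1: nothing sits at the predictable name; our file is sourced.
    out1=$(source_own_tempfile "$scratch" 'echo harness-code')
    # Case 2: a symlink already occupies the predictable name.
    printf 'echo planted\n' > "$scratch/other"
    ln -s "$scratch/other" "$scratch/comptest.$$"
    if out2=$(source_own_tempfile "$scratch" 'echo harness-code'); then
        refused=no
    else
        refused=yes
    fi
    target=$(cat "$scratch/other")   # must be untouched by the refused write
    rm -rf -- "$scratch"
    printf '%s|%s|%s|%s\n' "$out1" "$refused" "$out2" "$target"
}
```

In the second case nothing is sourced and the symlink's target keeps its original content, which is the abort-instead-of-source behaviour the patch aims for.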