author: Daniel Shahaf <d.s@daniel.shahaf.name> 2020-07-02 17:40:18 +0000
committer: Daniel Shahaf <d.s@daniel.shahaf.name> 2020-07-05 11:11:22 +0000
commit: 63fde0b744130d95e463299e204ddc5c46199b08
tree: d70e49853c861b2a381c590143686f93a12481dc /Test
parent: 4e471c3f899b485e7a4122c75da1500c2d509236

46174/0001: test harness: Plug a symlink attack

The test harness created tempfiles with predictable names and sourced
them without verifying they had been created by itself.  This opened
anyone who ran the test suite to symlink attacks from other local
users on the build machine.

Fix this by creating the file whilst NO_CLOBBER and ERR_EXIT are both in
scope, to ensure that we'll abort unless the file really was created as
expected.

Put the existing rm(1) call in a try/always block to help it be unlinked
on test failures, thus reducing the chances of the NO_CLOBBER check
triggering on tempfiles created by earlier test suite runs.

I had first tried to fix this by using the
.
    () { ... } =(:)
.
idiom, but couldn't get that to work: it broke the %prep code of X03
with ZTST_verbose unset (its default value) but not with ZTST_verbose=3.
(I tried to set the latter to debug zpty_flush.)

While there, add a needed-in-principle-but-noop-in-this-specific-case (q).

Indentation will be restored in the next commit.

Diffstat (limited to 'Test')
-rw-r--r-- Test/comptest 12
1 files changed, 10 insertions, 2 deletions

diff --git a/Test/comptest b/Test/comptest
index 166d0b404..4a5fcb4ba 100644
--- a/Test/comptest
+++ b/Test/comptest
@@ -112,17 +112,25 @@ zpty_run() {
 }
 
 comptesteval () {
+ {
+  # Avoid symlink attacks on the predictable filename
+  # TODO: either use =(:) or create this file in the tests' workdir
   local tmp=/tmp/comptest.$$
+  () {
+    setopt localoptions NO_CLOBBER ERR_EXIT
+    print -lr - "$@" > $tmp
+  } "$@"
 
-  print -lr - "$@" > $tmp
   # zpty_flush Before comptesteval
-  zpty -w zsh ". $tmp"
+  zpty -w zsh ". ${(q)tmp}"
   zpty -r -m zsh log_eval "*<PROMPT>*" || {
     print "prompt hasn't appeared."
     return 1
   }
   zpty_flush After comptesteval
+ } always {
   rm $tmp
+ }
 }
 
 comptest () {
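
Review bot: `local tmp=/tmp/comptest.$$` still names a guessable path in a shared directory, so the NO_CLOBBER/ERR_EXIT guard stops a pre-planted file or symlink from being sourced but leaves other local users able to make the harness abort by creating that name first. Resolving the TODO in this same change (creating the file in the tests' workdir, or via `=(:)` once the X03 problem is understood) would remove the shared path altogether instead of only detecting the collision. Separately, the `rm $tmp` in the `always` block is unconditional and does not distinguish a file this run created from one that already existed; if that block is reached after the NO_CLOBBER write was refused, it unlinks a file the harness did not create, so consider setting a flag once the write succeeds and removing the file only when the flag is set.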