-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | Test/comptest | 12 |
2 files changed, 14 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog index fa1c74563..a40cf72d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2020-07-05 Daniel Shahaf <d.s@daniel.shahaf.name> + + * 46174/0001: Test/comptest: test harness: Plug a symlink attack + 2020-07-03 Matthew Martin <phy1729@gmail.com> * 46168: Src/builtin.c, Test/B01cd.ztst: Update $PWD and call diff --git a/Test/comptest b/Test/comptest index 166d0b404..4a5fcb4ba 100644 --- a/Test/comptest +++ b/Test/comptest @@ -112,17 +112,25 @@ zpty_run() { } comptesteval () { + { + # Avoid symlink attacks on the predictable filename + # TODO: either use =(:) or create this file in the tests' workdir local tmp=/tmp/comptest.$$ + () { + setopt localoptions NO_CLOBBER ERR_EXIT + print -lr - "$@" > $tmp + } "$@" - print -lr - "$@" > $tmp # zpty_flush Before comptesteval - zpty -w zsh ". $tmp" + zpty -w zsh ". ${(q)tmp}" zpty -r -m zsh log_eval "*<PROMPT>*" || { print "prompt hasn't appeared." return 1 } zpty_flush After comptesteval + } always { rm $tmp + } } comptest () { |
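Review bot: The failure path of the guarded write in `comptesteval` is left implicit. When `/tmp/comptest.$$` already exists, `NO_CLOBBER` makes the redirect fail, and `ERR_EXIT` then appears to end the harness shell without a message naming the path. It is also not evident from the hunk whether `always { rm $tmp }` runs in that case, or whether it should remove a file this function did not create. Handling the failure explicitly would read more clearly, for example dropping `ERR_EXIT` and closing the anonymous function with `} "$@" || { print "cannot create $tmp"; return 1 }`, with the `rm` performed only after a successful create. The file name remains predictable, so a pre-existing entry still makes the tests fail; the TODO's option of creating the file in the tests' workdir would remove both the race and that failure mode.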