From 63fde0b744130d95e463299e204ddc5c46199b08 Mon Sep 17 00:00:00 2001 From: Daniel Shahaf Date: Thu, 2 Jul 2020 17:40:18 +0000 Subject: 46174/0001: test harness: Plug a symlink attack The test harness created tempfiles with a predictable names and sourced them without verifying they had been created by itself. This opened anyone who ran the test suite to a symlink attacks from other local users on the build machine. Fix this by creating the file whilst NO_CLOBBER and ERR_EXIT are both in scope, to ensure that we'll abort unless the file really was created as expected. Put the existing rm(1) call in a try/always block to help it be unlinked on test failures, thus reducing the chances of the NO_CLOBBER check triggering on tempfiles created by earlier test suite runs. I had first tried to fix this by using the . () { ... } =(:) . idiom, but couldn't get that to work: it broke the %prep code of X03 with ZTST_verbose unset (its default value) but not with ZTST_verbose=3. (I tried to set the latter to debug zpty_flush.) While there, add a needed-in-principle-but-noop-in-this-specific-case (q). Indentation will be restored in the next commit. --- Test/comptest | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'Test') diff --git a/Test/comptest b/Test/comptest index 166d0b404..4a5fcb4ba 100644 --- a/Test/comptest +++ b/Test/comptest @@ -112,17 +112,25 @@ zpty_run() { } comptesteval () { + { + # Avoid symlink attacks on the predictable filename + # TODO: either use =(:) or create this file in the tests' workdir local tmp=/tmp/comptest.$$ + () { + setopt localoptions NO_CLOBBER ERR_EXIT + print -lr - "$@" > $tmp + } "$@" - print -lr - "$@" > $tmp # zpty_flush Before comptesteval - zpty -w zsh ". $tmp" + zpty -w zsh ". ${(q)tmp}" zpty -r -m zsh log_eval "**" || { print "prompt hasn't appeared." return 1 } zpty_flush After comptesteval + } always { rm $tmp + } } comptest () { -- cgit 1.4.1