Re: new snapshot available: coreutils-8.0.108-3aff3
From: Gilles Espinasse
Subject: Re: new snapshot available: coreutils-8.0.108-3aff3
Date: Mon, 16 Nov 2009 08:39:43 +0100
----- Original Message -----
From: "Jim Meyering" <address@hidden>
To: "Gilles Espinasse" <address@hidden>
Cc: <address@hidden>
Sent: Sunday, November 15, 2009 9:37 AM
Subject: Re: new snapshot available: coreutils-8.0.108-3aff3
> Gilles Espinasse wrote:
> ...
> >> > Insecure directory in $ENV{PATH} while running with -T switch at - line 73.
> >>
> >> Is some directory in your $PATH group- or world-writable?
> >
> > should not
> > find `echo "$PATH" | sed 's/:/ /g'` -maxdepth 0 -ls
> > 1331275 4 drwxr-xr-x 2 root root 4096 Oct 21 23:07 /tools_i486/usr/bin
> > 1672609 4 drwxr-xr-x 2 root root 4096 Nov 14 17:56 /bin
> > 1672645 4 drwxr-xr-x 2 root root 4096 Nov 14 17:57 /usr/bin
> > 1672640 4 drwxr-xr-x 2 root root 4096 Nov 14 17:57 /sbin
> > 1672648 4 drwxr-xr-x 2 root root 4096 Nov 14 17:57 /usr/sbin
> > 1672299 12 drwxr-xr-x 2 root root 12288 Nov 14 17:42 /tools_i486/bin
>
> That doesn't show the actual value of your $PATH envvar.
> I'll bet it starts with ":". *THAT* is definitely insecure.
No
First, I could do in the chroot
perl -e 'print "$ENV{PATH}\n";'
/tools_i486/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/tools_i486/bin
Secondly, in the modified pwd-long test, I was able to run what is strictly
the first part of the test before the 'do ... until (++$i == $n);' so PATH
should be sane to this point.
If I add the 'do ... until (++$i == $n);' part in my changes like in the
patch sent, test status is changed to skip
[chroot-i486] root:/usr/src/coreutils-8.0.108-3aff3$ make check -C tests TESTS=misc/pwd-long VERBOSE=yes
make: Entering directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make check-TESTS
make[1]: Entering directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make[2]: Entering directory `/usr/src/coreutils-8.0.108-3aff3/tests'
SKIP: misc/pwd-long
====================
All 0 tests passed
(1 test was not run)
====================
make[2]: Leaving directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make[1]: Leaving directory `/usr/src/coreutils-8.0.108-3aff3/tests'
make: Leaving directory `/usr/src/coreutils-8.0.108-3aff3/tests'
So I have not yet found where it fails and why.
Gilles
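
The find command quoted in this message turns the colons in $PATH into spaces and lets the shell split the result, so an empty entry (such as a leading ":") never appears in the listing. As an added example, not part of the original message and not Perl's own taint check, the hypothetical `audit_path` function below walks the entries one at a time and reports empty, relative, and group- or world-writable ones; the sample PATH at the end is constructed.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for the conditions raised in
# the thread. audit_path is a hypothetical helper name (an assumption),
# not part of coreutils or Perl.
audit_path() {
    rc=0
    # Append ':' so a trailing empty entry is kept and the loop terminates.
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}      # text before the first ':'
        rest=${rest#*:}      # everything after it
        case $dir in
            '')  # empty entry: the shell searches the current directory
                echo "EMPTY entry (current directory)"; rc=1; continue ;;
            /*)  ;;          # absolute: check permissions below
            *)  echo "RELATIVE $dir"; rc=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"   # informational only, not counted as unsafe
            continue
        fi
        # -H follows a symlinked entry (e.g. /bin -> usr/bin) so the target
        # directory's mode is tested, not the link's.
        if [ -n "$(find -H "$dir" -maxdepth 0 \
                   \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "WRITABLE $dir (group or other)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: leading ':' plus a relative entry.
audit_path ":/usr/bin:bin" || true
```

Called as `audit_path "$PATH"`, it returns non-zero when any entry is empty, relative, or group- or world-writable.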