[pacman-dev] [PATCH 0/4] Redo path flexibility patches.
There was some concern about potential security implications of calling execvp and the ability to get a root shell. Good to see this was mentioned in the six months between the patches being sent to the mailing list and when they were committed (passive-agressive Allan!) All those patches are reverted (commits 4a8c2852, 993700bc, bb4d2b72, 60b192e3) in the first patch which is not being sent. Then the pactests are refixed only allowing full paths to the scriptlet shell and the path to ldconfig is made configurable. Allan McRae (4): Revert execvp and related commits pactest: handle non-default scriptlet shells Remove leading / for pactest paths Make path to ldconfig configurable Makefile.am | 1 + configure.ac | 16 +++++++++++++--- lib/libalpm/util.c | 17 ++++++++++------- test/pacman/pactest.py | 8 ++++++-- test/pacman/pmdb.py | 1 + test/pacman/pmenv.py | 1 + test/pacman/pmfile.py | 1 + test/pacman/pmpkg.py | 1 + test/pacman/pmrule.py | 1 + test/pacman/pmtest.py | 28 +++++++++------------------- test/pacman/tests/ldconfig001.py | 2 +- test/pacman/tests/ldconfig002.py | 2 +- test/pacman/tests/ldconfig003.py | 2 +- test/pacman/tests/sync700.py | 2 +- test/pacman/util.py | 1 + 15 files changed, 49 insertions(+), 35 deletions(-) -- 1.8.1.1
pacman can be configured to use a different shell the /bin/sh for scriplets. Pass the cnfigured value to the pactest suite and make the necessary "copy" of the shell in the test root. Also update all copyright years in the pactest suite. Signed-off-by: Allan McRae <allan@archlinux.org> --- Makefile.am | 1 + test/pacman/pactest.py | 5 +++++ test/pacman/pmdb.py | 1 + test/pacman/pmenv.py | 3 ++- test/pacman/pmfile.py | 1 + test/pacman/pmpkg.py | 1 + test/pacman/pmrule.py | 1 + test/pacman/pmtest.py | 10 ++++++++-- test/pacman/util.py | 1 + 9 files changed, 21 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index b05feb6..cd69b6e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -28,6 +28,7 @@ check-local: test-pacman test-pacsort test-vercmp test-parseopts test-pacman: test/pacman src/pacman LC_ALL=C $(PYTHON) $(top_srcdir)/test/pacman/pactest.py --debug=1 \ --test $(top_srcdir)/test/pacman/tests/*.py \ + --scriptlet-shell $(SCRIPTLET_SHELL) \ -p $(top_builddir)/src/pacman/pacman test-pacsort: test/util src/util diff --git a/test/pacman/pactest.py b/test/pacman/pactest.py index 2fb64ed..ea44be5 100755 --- a/test/pacman/pactest.py +++ b/test/pacman/pactest.py @@ -3,6 +3,7 @@ # pactest : run automated testing on the pacman binary # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -81,6 +82,9 @@ def create_parser(): parser.add_option("--manual-confirm", action = "store_true", dest = "manualconfirm", default = False, help = "do not use --noconfirm for pacman calls") + parser.add_option("--scriptlet-shell", type = "string", + dest = "scriptletshell", default = "/bin/sh", + help = "specify path to shell used for install scriptlets") return parser @@ -99,6 +103,7 @@ def create_parser(): env.pacman["gdb"] = opts.gdb env.pacman["valgrind"] = opts.valgrind env.pacman["manual-confirm"] = opts.manualconfirm + env.pacman["scriptlet-shell"] = opts.scriptletshell if opts.testcases is None or len(opts.testcases) == 0: print "no tests defined, nothing to do" diff --git a/test/pacman/pmdb.py b/test/pacman/pmdb.py index 285c315..b694dff 100644 --- a/test/pacman/pmdb.py +++ b/test/pacman/pmdb.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/test/pacman/pmenv.py b/test/pacman/pmenv.py index 0e455ce..9a88262 100644 --- a/test/pacman/pmenv.py +++ b/test/pacman/pmenv.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Developmet Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -66,7 +67,7 @@ def run(self): print t.description print "----------"*8 - t.generate() + t.generate(self.pacman) t.run(self.pacman) diff --git a/test/pacman/pmfile.py b/test/pacman/pmfile.py index d5aa1a1..49c0274 100644 --- a/test/pacman/pmfile.py +++ b/test/pacman/pmfile.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/test/pacman/pmpkg.py b/test/pacman/pmpkg.py index bfc93dd..c0c9f13 100644 --- a/test/pacman/pmpkg.py +++ b/test/pacman/pmpkg.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/test/pacman/pmrule.py b/test/pacman/pmrule.py index 778b6aa..3d38b85 100644 --- a/test/pacman/pmrule.py +++ b/test/pacman/pmrule.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/test/pacman/pmtest.py b/test/pacman/pmtest.py index 00a0b96..af5d342 100644 --- a/test/pacman/pmtest.py +++ b/test/pacman/pmtest.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -102,7 +103,7 @@ def load(self): else: raise IOError("file %s does not exist!" % self.name) - def generate(self): + def generate(self, pacman): print "==> Generating test environment" # Cleanup leftover files from a previous test session @@ -120,13 +121,18 @@ def generate(self): etcdir = os.path.join(self.root, os.path.dirname(util.PACCONF)) bindir = os.path.join(self.root, "bin") sbindir = os.path.join(self.root, "sbin") - sys_dirs = [dbdir, cachedir, syncdir, tmpdir, logdir, etcdir, bindir, sbindir] + shell = pacman["scriptlet-shell"][1:] + shelldir = os.path.join(self.root, os.path.dirname(shell)) + sys_dirs = [dbdir, cachedir, syncdir, tmpdir, logdir, etcdir, bindir, + sbindir, shelldir] for sys_dir in sys_dirs: if not os.path.isdir(sys_dir): vprint("\t%s" % sys_dir[len(self.root)+1:]) os.makedirs(sys_dir, 0755) # Only the dynamically linked binary is needed for fakechroot shutil.copy("/bin/sh", bindir) + if shell != "bin/sh": + shutil.copy("/bin/sh", os.path.join(self.root, shell)) shutil.copy(os.path.join(util.SELFPATH, "ldconfig.stub"), os.path.join(sbindir, "ldconfig")) ld_so_conf = open(os.path.join(etcdir, "ld.so.conf"), "w") diff --git a/test/pacman/util.py b/test/pacman/util.py index d40612d..be99cd5 100644 --- a/test/pacman/util.py +++ b/test/pacman/util.py @@ -1,6 +1,7 @@ #! /usr/bin/python2 # # Copyright (c) 2006 by Aurelien Foret <orelien@chez.com> +# Copyright (c) 2006-2013 Pacman Development Team <pacman-dev@archlinux.org> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -- 1.8.1.1
On 20/01/13 22:08, Allan McRae wrote:
There was some concern about potential security implications of calling execvp and the ability to get a root shell. Good to see this was mentioned in the six months between the patches being sent to the mailing list and when they were committed (passive-agressive Allan!)
All those patches are reverted (commits 4a8c2852, 993700bc, bb4d2b72, 60b192e3) in the first patch which is not being sent. Then the pactests are refixed only allowing full paths to the scriptlet shell and the path to ldconfig is made configurable.
Allan McRae (4): Revert execvp and related commits pactest: handle non-default scriptlet shells Remove leading / for pactest paths Make path to ldconfig configurable
Any comments on these? I don't like to leave patches that we know are going to be reverted on master, so I would like to push them soon. Allan
participants (1)
-
Allan McRae