Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2018/09/19 12:50:29 UTC
[Bug 7630] New: Warnings in regression tests because of insecure $PATH
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
Bug ID: 7630
Summary: Warnings in regression tests because of insecure $PATH
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: PC
OS: OpenBSD
Status: NEW
Severity: normal
Priority: P2
Component: Regression Tests
Assignee: dev@spamassassin.apache.org
Reporter: giovanni@paclan.it
Target Milestone: Undefined
Created attachment 5599
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5599&action=edit
Regression test fix
When running a test I have some warnings about insecure $ENV{PATH}.
-------------------------------------------------------------------
$ prove -t t/uri.t
t/uri.t .. Insecure $ENV{PATH} while running with -t switch at SATest.pm line 177.
Insecure directory in $ENV{PATH} while running with -t switch at SATest.pm line 177.
Insecure dependency in system while running with -t switch at SATest.pm line 177.
t/uri.t .. ok
All tests successful.
Files=1, Tests=95, 5 wallclock secs ( 0.11 usr 0.01 sys + 3.82 cusr 0.48 csys = 4.42 CPU)
Result: PASS
-------------------------------------------------------------------
Resetting $PATH to a default one and untainting a variable before the system(3)
call fixes the issue.
--
You are receiving this mail because:
You are the assignee for the bug.
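
The fix described in the report above (reset $PATH to a default, untaint the variable, then call system), as an added example. It is not the attached patch or code from SATest.pm; the helper names, the default PATH value and the allow-list pattern are assumptions.

```perl
#!/usr/bin/perl
# Added example, not SpamAssassin code. Run as: perl -T example.pl [word]
use strict;
use warnings;

# Under -T/-t every %ENV value is tainted. system(), exec() and backticks
# complain about a tainted PATH ("Insecure $ENV{PATH}") and about PATH
# entries that are relative or writable by group/others
# ("Insecure directory in $ENV{PATH}").
sub sanitize_env {
    # Assumed default: absolute, root-owned directories only.
    $ENV{PATH} = '/bin:/usr/bin';
    # Variables a shell may act on; perlsec recommends deleting them.
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    return;
}

# Untaint by regex capture: only a captured substring counts as clean.
# The allow-list is deliberately narrow (assumed pattern); anything else
# is rejected instead of being laundered with a catch-all like /(.*)/.
sub untaint_arg {
    my ($value) = @_;
    return unless defined $value;
    return $1 if $value =~ m{\A([\w./=:+-]+)\z};
    return;
}

# Runs a command with a clean environment and clean arguments, which
# avoids "Insecure dependency in system". Returns the exit status.
sub run_cmd {
    my (@args) = @_;
    sanitize_env();
    my @clean;
    for my $arg (@args) {
        my $ok = untaint_arg($arg);
        die "refusing to run: argument failed the allow-list\n"
            unless defined $ok;
        push @clean, $ok;
    }
    my $rc = system(@clean);    # list form: no shell is involved
    return $rc == -1 ? 255 : $rc >> 8;
}

# Constructed input: @ARGV is tainted under -T, the literal default is not.
my $word = @ARGV ? $ARGV[0] : 'hello';
exit run_cmd('echo', $word);
```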
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.0.0 |3.4.3
Severity|normal |blocker
Resolution|WORKSFORME |---
Status|RESOLVED |REOPENED
--- Comment #2 from Kevin A. McGrail <km...@apache.org> ---
Sorry to say, it still happens for me on a stock CentOS 7. I'll look at it.
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
--- Comment #5 from Henrik Krohns <he...@hege.li> ---
It does seem none of the tests use tainting.
This is ok for all tests that use sarun(), which will exec spamassassin command
which uses tainting.
But should not all *.t that create its own Mail::SpamAssassin use tainting, to
catch any tainting problems? I think it warrants some investigation.
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
--- Comment #4 from Henrik Krohns <he...@hege.li> ---
And are you even supposed to use "prove -t" (taint) as the original post shows?
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.4.3
CC| |kmcgrail@apache.org
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
--- Comment #3 from Henrik Krohns <he...@hege.li> ---
Why are you running "prove" vs
make test TEST_FILES="t/uri.t"
... which is the documented way. With make test I do not get any warnings. I
guess there are some path differences for each method.
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |giovanni@paclan.it
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #1 from Giovanni Bechis <gi...@paclan.it> ---
I cannot reproduce it anymore, it was probably due to an unsupported local
setup.
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
Henrik Krohns <he...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.4.3 |4.0.0
CC| |hege@hege.li
[Bug 7630] Warnings in regression tests because of insecure $PATH
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7630
Henrik Krohns <he...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution|--- |FIXED
--- Comment #6 from Henrik Krohns <he...@hege.li> ---
Closing, see Bug 7726.