Re: tests: dis/allow '.' in PATH?

From: Bernhard Voelker <mail@bernhard-voelker.de>
To: Paul Eggert <eggert@cs.ucla.edu>, Kamil Dudka <kdudka@redhat.com>
Cc: bug-gnulib <bug-gnulib@gnu.org>
Subject: Re: tests: dis/allow '.' in PATH?
Date: Fri, 26 Nov 2021 01:10:01 +0100	[thread overview]
Message-ID: <cb359cb9-9fae-7a64-2887-d686c34c02c5@bernhard-voelker.de> (raw)
In-Reply-To: <4340739c-a574-65e4-ec60-d27df4f961f8@cs.ucla.edu>

[-- Attachment #1: Type: text/plain, Size: 555 bytes --]

On 11/25/21 00:54, Paul Eggert wrote:
> On 11/24/21 15:03, Bernhard Voelker wrote:
> Something like the following untested code. This removes all relative 
> names from PATH, not just '.'.

Good idea.  Looking at some code from coreutils, I also suggest to
test if the entries exist.

> saved_IFS=$IFS
> IFS=:
> new_PATH=
> for dir in $PATH; do
>    case $dir in
>      /*) new_PATH=$new_PATH${new_PATH:-:}$dir;;
_______________________________________^^
This operator doesn't do what we need here.

PFA the revised patch.

Thanks & have a nice day,
Berny

[-- Attachment #2: 0001-test-framework-sh-remove-unsafe-entries-from-PATH.patch --]
[-- Type: text/x-patch, Size: 1971 bytes --]

From d50912b6c60732476bb2955d947bacb73aaa2d59 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <mail@bernhard-voelker.de>
Date: Wed, 24 Nov 2021 23:59:00 +0100
Subject: [PATCH] test-framework-sh: remove unsafe entries from PATH

Running tests with '.' in the PATH may yield unspecified results,
and is deemed unsafe per se.  This includes empty entries as well
which are treated like a '.' entry as per POSIX.

* tests/init.sh (setup_): Add snippet to remove relative and non-
accessible entries from the PATH environment variable.
---
 ChangeLog     |  9 +++++++++
 tests/init.sh | 17 +++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 3e752b238..efbe6c888 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2021-11-25  Bernhard Voelker  <mail@bernhard-voelker.de>
+
+	test-framework-sh: remove unsafe entries from PATH
+	Running tests with '.' in the PATH may yield unspecified results,
+	and is deemed unsafe per se.  This includes empty entries as well
+	which are treated like a '.' entry as per POSIX.
+	* tests/init.sh (setup_): Add snippet to remove relative and non-
+	accessible entries from the PATH environment variable.
+
 2021-11-24  Paul Eggert  <eggert@cs.ucla.edu>
 
 	regex: merge from glibc
diff --git a/tests/init.sh b/tests/init.sh
index 9ef834888..a975592ff 100644
--- a/tests/init.sh
+++ b/tests/init.sh
@@ -426,6 +426,23 @@ setup_ ()
   for sig_ in 1 2 3 13 15; do
     eval "trap 'Exit $(expr $sig_ + 128)' $sig_"
   done
+
+  # Remove relative and non-accessible directories from PATH, including '.'
+  # and Zero-length entries.
+  saved_IFS="$IFS"
+  IFS=:
+  new_PATH=
+  sep_=
+  for dir in $PATH; do
+    case "$dir" in
+      /*) test -d "$dir/." || continue
+          new_PATH="${new_PATH}${sep_}${dir}"
+          sep_=':';;
+    esac
+  done
+  IFS="$saved_IFS"
+  PATH="$new_PATH"
+  export PATH
 }
 
 # This is a stub function that is run upon trap (upon regular exit and
-- 
2.34.0

