[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] tests: misc/sort-exit-early: do not run as root.
From: |
Jim Meyering |
Subject: |
Re: [PATCH] tests: misc/sort-exit-early: do not run as root. |
Date: |
Thu, 30 Aug 2012 11:15:59 +0200 |
Nick Alcock wrote:
> This test requires an unwritable input and an unreadable output,
> so will fail if the testsuite is being run as root, and should
> not be run in this case.
> ---
> tests/misc/sort-exit-early | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tests/misc/sort-exit-early b/tests/misc/sort-exit-early
> index 7470aad..b83a489 100755
> --- a/tests/misc/sort-exit-early
> +++ b/tests/misc/sort-exit-early
> @@ -19,6 +19,8 @@
> . "${srcdir=.}/init.sh"; path_prepend_ ../src
> print_ver_ sort
>
> +skip_if_root_
Thanks for the testing and especially for the fix.
A word of caution:
There have been exploitable flaws (albeit rare) in these tests over
the years, and if you had regularly run all of them as root on a shared
system, it might have been easy to exploit. The root-only tests are
more carefully audited, precisely because we regularly run them as root.
I recommend to run only the designated "root-only" tests as root:
(from README)
Running tests as root:
----------------------
If you run the tests as root, note that a few of them create files
and/or run programs as a non-root user, 'nobody' by default.
If you want to use some other non-root username, specify it via
the NON_ROOT_USERNAME environment variable. Depending on the
permissions with which the working directories have been created,
using 'nobody' may fail, because that user won't have the required
read and write access to the build and test directories.
I find that it is best to unpack and build as a non-privileged
user, and then to run the following command as that user in order
to run the privilege-requiring tests:
sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
If you can run the tests as root, please do so and report any
problems. We get much less test coverage in that mode, and it's
arguably more important that these tools work well when run by
root than when run by less privileged users.