search

Perl-Toolchain-Gang / File-Temp

Temporary file handling in Perl
Other
7 stars 28 forks source link

security.t complains during compilation of Perl with AFS filesystem #40

Open djzhh opened 6 months ago

djzhh commented 6 months ago

Compiling Perl and running ./perl harness in directory t yields

uid=NNN topuid=10 euid=MMMM path='/afs/desy.de/user/d' at ../../lib/File/Temp.pm line 688.
        File::Temp::_is_safe("/afs/CELLNAME/user/U", SCALAR(0x17475f0)) called at ../../lib/File/Temp.pm line 787
        File::Temp::_is_verysafe(".", SCALAR(0x17475f0)) called at ../../lib/File/Temp.pm line 479
        File::Temp::_gettemp("tmpXXXXX", "open", 1, "mkdir", 0, "unlink_on_close", 0, "suffixlen", ...) called at ../../lib/Fil
e/Temp.pm line 1488
        File::Temp::tempfile("tmpXXXXX", "UNLINK", 1) called at t/security.t line 105
        eval {...} called at t/security.t line 105
        main::test_security() called at t/security.t line 67
../cpan/File-Temp/t/security.t ....................................... ok

when compiled within AFS filesystem, but works fine on a local filesystem. ./Configure detects AFS and displays a notice AFS may be running... I'll be extra cautious then... and AFS is somewhat peculiar concerning ACL handling. Permissions are handled directory-wise (file permissions are not considered like in e.g. ext4); see also https://docs.openafs.org/UserGuide/HDRWQ46.html

If I understood everything correctly, this patch should help:

*** old/cpan/File-Temp/t/security.t 2023-11-28 12:57:27.000000000 +0100
--- new/cpan/File-Temp/t/security.t       2024-03-12 23:45:59.000000000 +0100
*************** sub test_security {
*** 102,107 ****
--- 102,115 ----
          skip("Skip Test inappropriate for root", 2);
          return;
      }
+     my $Curdir = File::Spec->curdir;
+     if ( $Config::Config{afs} eq "true"
+        && $Curdir
+        && $Curdir =~ /^\Q$Config::Config{afsroot}/
+       ) {
+       skip "AFS", 2;
+       return;
+     }
      my ($fh2, $fname2) = eval { tempfile ($template,  UNLINK => 1 ); };
      if (defined $fname2) {
          print "# fname2 = $fname2\n";
Leont commented 6 months ago

curdir is always true , and it's relative (. on almost all platforms).

djzhh commented 6 months ago

O.k., so it looks to me to better use the condition you proposed in https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/451#issuecomment-1997947822