Closed jmtd closed 9 years ago
fragglet
commented
9 years ago Looks great, thanks!
This did occur to me in the past but the idea of an attack on someone running Lhasa unit tests seemed a bit far-fetched to me. It's a good idea nonetheless just so all builds will be independent though.
jmtd
commented
9 years ago Hi Simon,
On Tue, Oct 21, 2014 at 10:12:16PM -0700, Simon Howard wrote:
This did occur to me in the past but the idea of an attack on someone running Lhasa unit tests seemed a bit far-fetched to me. It's a good idea nonetheless just so all builds will be independent though.
I agree the likelyhood of someone attacking someone building lhasa is very low. The risk is theoretical on autobuilders, especially if they build as root, and are on a shared system.
It does appear that these patches fix the Debian buildds, which had been tripping over on the testsuite. Perhaps they had some kind of anti-/tmp abuse mechanism that was preventing things working.
I've just tidied things up a bit and I'll send you another PR. There are a few other things I noticed but nothing high (or even medium) priority :)
(Hoping to work on some kind of C thing soon, getting bored of bourne shell...)
Thanks!
Adjust test-extract to use a working directory created using mktemp, to avoid predictable filenames and symlink-attacks in /tmp.
This completes the work begun in d42ed05.