On 11/19/21 20:23, Bernhard Voelker wrote: > I'm getting exactly the same when the PATH variable contains the current > directory ".". > This is a security problem, and I've not seen this on any system in the last > 15 years. > > Still, the test suite should cater for and run in a sane environment. > This could be done in the test setup script 'tests/init.sh' which comes from > gnulib, > as I think this is a useful thing for probably all projects.
Done with this gnulib commit: http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=d50912b6c test-framework-sh: remove unsafe entries from PATH and picked up in findutils with this commit: https://git.sv.gnu.org/cgit/findutils.git/commit/?id=0dd5eaa3 maint: update gnulib to latest > FAIL: sv-bug-27563-execdir.old-O0, > /home/berny/tmp/findutils-4.8.0/find/testsuite/../oldfind: The current > directory is included in the PATH environment variable, which is insecure in > combination > with the -execdir action of find. Please remove the current directory from > your $PATH (that is, remove ".", doubled colons, or leading or trailing > colons) > FAIL: sv-bug-27563-execdir.old-O0, standard output differs from the > expected result: > --- find.out 2021-11-19 19:13:09.265117146 +0000 > +++ cmp.out 2021-11-19 19:13:09.265117146 +0000 > @@ -0,0 +1 @@ > +./yyyy > child process exited abnormally Fixed with: https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=94e91f60f tests: skip -execdir test if PATH contains unsafe directory Have a nice day, Berny
