* Martin Pitt <martin.p...@ubuntu.com>, 2011-11-09, 08:50:
- if 'needs-root' not in t.restriction_names and opts.user is not None:
+ if 'needs-root' not in t.restriction_names and opts.user:
tfl = ['su',opts.user,'-c',tf]
tmpdir = '%s%s-tmpdir' % (testbed.scratch.read(True), t.what)
script = 'rm -rf -- "$1"; mkdir -- "$1"'
After applying this hunk, TMPDIR variable is no longer exposed to test
scripts, even when adt-run is run as root.
(Setting TMPDIR was a mistake in the first place IMHO. This variable in
POSIX has completely different semantics. Running a scripts that relied
on the feature outside adt-run might lead to security holes.)
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
