summaryrefslogtreecommitdiff
path: root/test/integration
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-11-09 19:15:01 +0100
committerJulian Andres Klode <jak@debian.org>2017-02-22 16:53:45 +0100
commitcc5919076ba1c2dab773a6c06cb3dd5497f0c656 (patch)
treefdbe5bf7935bd1c67e35d1c9e2918056cb888701 /test/integration
parent5605c9880f36c764baaca59328777d34645a32fa (diff)
reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges
We can't cleanup the environment like e.g. sudo would do as you usually want the environment to "leak" into these helpers, but some variables like HOME should really not have still the value of the root user – it could confuse the helpers (USER) and HOME isn't accessible anyhow. Closes: 842877 (cherry picked from commit 34b491e735ad47c4805e63f3b83a659b8d10262b)
Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/framework6
-rwxr-xr-xtest/integration/skip-apt-dropprivs32
2 files changed, 35 insertions, 3 deletions
diff --git a/test/integration/framework b/test/integration/framework
index d5b68da84..03633f28a 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -190,7 +190,7 @@ aptmark() { runapt apt-mark "$@"; }
aptsortpkgs() { runapt apt-sortpkgs "$@"; }
apt() { runapt apt "$@"; }
apthelper() { runapt "${APTHELPERBINDIR}/apt-helper" "$@"; }
-aptwebserver() { runapt "${APTWEBSERVERBINDIR}/aptwebserver" "$@"; }
+aptwebserver() { runapt "${APTTESTHELPERSBINDIR}/aptwebserver" "$@"; }
aptitude() { runapt aptitude "$@"; }
aptextracttemplates() { runapt apt-extracttemplates "$@"; }
aptinternalsolver() { runapt "${APTINTERNALSOLVER}" "$@"; }
@@ -331,7 +331,7 @@ setupenvironment() {
LIBRARYPATH="${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}/../apt-pkg"}"
METHODSDIR="${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/../methods"}"
APTHELPERBINDIR="${APT_INTEGRATION_TESTS_LIBEXEC_DIR:-"${BUILDDIRECTORY}"}"
- APTWEBSERVERBINDIR="${APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR:-"${BUILDDIRECTORY}/../test/interactive-helper"}"
+ APTTESTHELPERSBINDIR="${APT_INTEGRATION_TESTS_HELPERS_BIN_DIR:-"${BUILDDIRECTORY}/../test/interactive-helper"}"
APTFTPARCHIVEBINDIR="${APT_INTEGRATION_TESTS_FTPARCHIVE_BIN_DIR:-"${BUILDDIRECTORY}/../ftparchive"}"
APTINTERNALSOLVER="${APT_INTEGRATION_TESTS_INTERNAL_SOLVER:-"${BUILDDIRECTORY}/solvers/apt"}"
APTDUMPSOLVER="${APT_INTEGRATION_TESTS_DUMP_SOLVER:-"${BUILDDIRECTORY}/solvers/dump"}"
@@ -1296,7 +1296,7 @@ changetowebserver() {
else
shift
fi
- if test -x "${APTWEBSERVERBINDIR}/aptwebserver"; then
+ if test -x "${APTTESTHELPERSBINDIR}/aptwebserver"; then
cd aptarchive
local LOG="webserver.log"
if ! aptwebserver --port 0 -o aptwebserver::fork=1 -o aptwebserver::portfile='aptwebserver.port' "$@" >$LOG 2>&1 ; then
diff --git a/test/integration/skip-apt-dropprivs b/test/integration/skip-apt-dropprivs
new file mode 100755
index 000000000..e0dd741cd
--- /dev/null
+++ b/test/integration/skip-apt-dropprivs
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'amd64'
+
+aptdropprivs() { runapt "${APTTESTHELPERSBINDIR}/aptdropprivs" "$@"; }
+
+testsuccess aptdropprivs -- /bin/true
+testsuccess aptdropprivs --user "$USER" -- /bin/true
+testsuccess aptdropprivs --user 'nobody' -- /bin/true
+testsuccess aptdropprivs --user '_apt' -- /bin/true
+
+IDBIN='/usr/bin/id'
+testsuccessequal "$("$IDBIN")" aptdropprivs --user "$USER" -- "$IDBIN"
+
+SUDOBIN='/usr/bin/sudo'
+testequal "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?" aptdropprivs --user 'nobody' -- "$SUDOBIN" "$IDBIN"
+
+if [ "$(id -u)" = '0' ]; then
+ testsuccessequal '_apt' aptdropprivs --user '_apt' -- "$IDBIN" '-un'
+ testsuccess aptdropprivs --user '_apt' -- '/bin/sh' '-c' 'export'
+ cp rootdir/tmp/testsuccess.output apt.env
+ testsuccessequal "export HOME='/nonexistent'" grep '^export HOME' apt.env
+ testsuccessequal "export USER='_apt'
+export USERNAME='_apt'" grep '^export USER' apt.env
+ testsuccessequal "export LOGNAME='_apt'" grep '^export LOGNAME' apt.env
+ testsuccessequal "export SHELL='/bin/sh'" grep '^export SHELL=' apt.env
+fi