[Samba] selftest: Perl error "Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138."
Manfred
mx2927 at gmail.com
Fri Apr 19 14:46:45 UTC 2019
In my environment the selftest for samba3.rpc.spoolss.printer was
failing at source3/script/tests/printing/modprinter.pl(138)
with the Perl error in the subject:
Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138
The code is:
==============================
delete @ENV{'BASH_ENV'};
$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
system("cp", "$tmp", "$smb_conf_file"); # <== FAILING HERE
unlink $tmp;
==============================
The solution is, in addition to untainting $PATH:
==============================
# the following is according to:
# https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
# delete @ENV{'BASH_ENV'};
$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
system("cp", "$tmp", "$smb_conf_file"); # <== the call that was failing
unlink $tmp;
==============================
Although this appears to happen in my environment, and not in the build
farm, according to the Perl doc would it look like a candidate for
consideration?
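
The taint check behind this error can be reproduced without a setgid binary by running Perl with -T. The script below is an added example, not part of the original post or of Samba's test suite. It taints each of the four variables named in perlsec in turn, then compares the original cleanup with the one proposed above. The file name, the constructed values and the `try_system` helper are assumptions, and under -T the message ends "while running with -T switch" instead of "while running setgid".

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T taint_env_demo.pl (file name is hypothetical)
use strict;
use warnings;

# Under -T, $^X is tainted, so this yields a zero-length tainted string.
my $TAINT = substr($^X, 0, 0);

# Variables perlsec says to delete before running another program.
my @risky = qw(IFS CDPATH ENV BASH_ENV);

# Hypothetical helper: run a harmless command and return '' if Perl
# allowed it, otherwise the text of the taint error.
sub try_system {
    my $ok = eval { system('true'); 1 };
    return $ok ? '' : $@;
}

delete @ENV{@risky};
$ENV{PATH} = '/bin:/usr/bin';    # untaint PATH, as in modprinter.pl

# Taint one variable at a time with a constructed value.
for my $var (@risky) {
    local $ENV{$var} = "/constructed/value$TAINT";
    printf "%-8s tainted: %s", $var, try_system() || "system() allowed\n";
}

# Constructed scenario (assumption): the calling shell exported both
# ENV and BASH_ENV, so both arrive tainted.
$ENV{$_} = "/constructed/rcfile$TAINT" for qw(ENV BASH_ENV);

delete $ENV{BASH_ENV};           # original cleanup: ENV is still tainted
print "original cleanup: ", try_system() || "system() allowed\n";

delete @ENV{@risky};             # cleanup from the post
print "fixed cleanup:    ", try_system() || "system() allowed\n";
```

The check fires even for the list form of system(), which is why the `cp` call in modprinter.pl fails although no shell is involved.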