[Samba] selftest: Perl error "Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138."
Manfred
mx2927 at gmail.com
Fri Apr 19 21:34:31 UTC 2019
The same error occurs at:
source3/script/tests/fake_snap.pl(25)
which is fixed in the same way.
On 4/19/19 4:46 PM, Manfred wrote:
> In my environment the selftest for samba3.rpc.spoolss.printer was
> failing at source3/script/tests/printing/modprinter.pl(138)
>
> with the Perl error in subject:
> Insecure $ENV{ENV} while running setgid at
> /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl
> line 138
>
> code is:
> ==============================
> delete @ENV{'BASH_ENV'};
>
> $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
> system("cp", "$tmp", "$smb_conf_file"); # <== FAILING HERE
> unlink $tmp;
> ==============================
>
> the solution is, in addition to untainting $PATH:
> ==============================
> # the following is according to:
> # https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
> delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
> # delete @ENV{'BASH_ENV'};
>
> $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
> system("cp", "$tmp", "$smb_conf_file"); # <== FAILING HERE
> unlink $tmp;
> ==============================
>
> Although this appears to happen on my environment, and not in the build
> farm, according to Perl doc would it look like a candidate for
> consideration?
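
The check behind the error quoted above, as an added example that is not part of the original message or of Samba's test scripts: when taint mode is active (Perl enables it automatically when running setuid or setgid), `system()` refuses to run while `PATH`, `IFS`, `CDPATH`, `ENV` or `BASH_ENV` is still tainted. The helper names, the `true` command and the sample `ENV` value are assumptions; run it with `perl -T` and an `ENV=` value inherited from the caller.

```perl
#!/usr/bin/perl -T
# Added example, not Samba code.
# Run with: ENV=/tmp/example.shrc perl -T taint_env_check.pl
# (constructed sample value; anything inherited from the caller is tainted)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Variables Perl checks before system()/exec() in taint mode: PATH plus
# the four named in perlsec, "Cleaning Up Your Path".
my @CHECKED = qw(PATH IFS CDPATH ENV BASH_ENV);

# Names of checked variables that are set and still tainted.
sub tainted_env_vars {
    return grep { exists $ENV{$_} && tainted($ENV{$_}) } @CHECKED;
}

# Run a command in list form. Returns undef if Perl let the call through,
# otherwise the taint error text ("Insecure $ENV{...} while running ...").
sub try_system {
    my @cmd = @_;
    my $ok = eval { system(@cmd); 1 };
    return $ok ? undef : $@;
}

# The cleanup proposed in the message: drop the shell-control variables
# and replace PATH with a fixed, trusted value.
sub clean_env {
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    $ENV{PATH} = '/bin:/usr/bin';
}

print "taint mode active: ", (${^TAINT} ? "yes" : "no"), "\n";

# Step 1: what the original script did (BASH_ENV and PATH only).
delete $ENV{BASH_ENV};
$ENV{PATH} = '/bin:/usr/bin';
print "tainted after PATH-only fix: ",
    (join(', ', tainted_env_vars()) || 'none'), "\n";
my $err = try_system('true');
print "system() before cleanup: ", ($err // "ok\n");

# Step 2: the full cleanup from perlsec.
clean_env();
print "tainted after full cleanup: ",
    (join(', ', tainted_env_vars()) || 'none'), "\n";
$err = try_system('true');
print "system() after cleanup: ", ($err // "ok\n");
```

Under `-T` the error text ends in "while running with -T switch" rather than "while running setgid"; the check itself is the same.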