13910 – Make %ENV safer in selftest Perl scripts

Bug 13910 - Make %ENV safer in selftest Perl scripts

Summary: Make %ENV safer in selftest Perl scripts

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	smbtorture (show other bugs)
Version:	4.10.1
Hardware:	All Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-04-23 15:50 UTC by Manfred
Modified:	2019-04-23 15:58 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
patch (1.64 KB, patch) 2019-04-23 15:50 UTC, Manfred	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Manfred 2019-04-23 15:50:22 UTC

Created attachment 15089 [details]
patch

In my environment the selftest for samba3.rpc.spoolss.printer is failing at ./source3/script/tests/printing/modprinter.pl(138)

with the Perl fatal error:
Insecure $ENV{ENV} while running setgid at ./source3/script/tests/printing/modprinter.pl line 138

The same error also is found in:
./source3/script/tests/fake_snap.pl line 25

Although my environment is Fedora 28, looking at the errors it looks like they are to be expected with any recent Perl installation; see e.g.:
https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path

Patch attached.