[PATCH */2] test harness: Plug a symlink attack

[Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>]

See the log messages for details.

Reviewed pre-commit by, at least, Peter, Mikael, and Axel.  Thanks for
the reviews.

Cheers,

Daniel


8<--8<--
>From 3e200e7b5440c8039d0fa20b25e3867d45fc1328 Mon Sep 17 00:00:00 2001
From: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
Date: Thu, 2 Jul 2020 17:40:18 +0000
Subject: [PATCH 1/2] test harness: Plug a symlink attack

The test harness created tempfiles with a predictable names and sourced
them without verifying they had been created by itself.  This opened
anyone who ran the test suite to a symlink attacks from other local
users on the build machine.

Fix this by creating the file whilst NO_CLOBBER and ERR_EXIT are both in
scope, to ensure that we'll abort unless the file really was created as
expected.

Put the existing rm(1) call in a try/always block to help it be unlinked
on test failures, thus reducing the chances of the NO_CLOBBER check
triggering on tempfiles created by earlier test suite runs.

I had first tried to fix this by using the
.
    () { ... } =(:)
.
idiom, but couldn't get that to work: it broke the %prep code of X03
with ZTST_verbose unset (its default value) but not with ZTST_verbose=3.
(I tried to set the latter to debug zpty_flush.)

While there, add a needed-in-principle-but-noop-in-this-specific-case (q).

Indentation will be restored in the next commit.

---
 Test/comptest | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Test/comptest b/Test/comptest
index 166d0b404..4a5fcb4ba 100644
--- a/Test/comptest
+++ b/Test/comptest
@@ -112,17 +112,25 @@ zpty_run() {
 }
 
 comptesteval () {
+ {
+  # Avoid symlink attacks on the predictable filename
+  # TODO: either use =(:) or create this file in the tests' workdir
   local tmp=/tmp/comptest.$$
+  () {
+    setopt localoptions NO_CLOBBER ERR_EXIT
+    print -lr - "$@" > $tmp
+  } "$@"
 
-  print -lr - "$@" > $tmp
   # zpty_flush Before comptesteval
-  zpty -w zsh ". $tmp"
+  zpty -w zsh ". ${(q)tmp}"
   zpty -r -m zsh log_eval "*<PROMPT>*" || {
     print "prompt hasn't appeared."
     return 1
   }
   zpty_flush After comptesteval
+ } always {
   rm $tmp
+ }
 }
 
 comptest () {

>From ab7a359edb77f9748ed5d8b8d3eb3c94279c3bdc Mon Sep 17 00:00:00 2001
From: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
Date: Thu, 2 Jul 2020 17:48:08 +0000
Subject: [PATCH 2/2] test harness: Restore indentation after the previous
 commit.  No functional change.

---
 Test/comptest | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/Test/comptest b/Test/comptest
index 4a5fcb4ba..b14d4c959 100644
--- a/Test/comptest
+++ b/Test/comptest
@@ -112,25 +112,25 @@ zpty_run() {
 }
 
 comptesteval () {
- {
-  # Avoid symlink attacks on the predictable filename
-  # TODO: either use =(:) or create this file in the tests' workdir
-  local tmp=/tmp/comptest.$$
-  () {
-    setopt localoptions NO_CLOBBER ERR_EXIT
-    print -lr - "$@" > $tmp
-  } "$@"
+   {
+     # Avoid symlink attacks on the predictable filename
+     # TODO: either use =(:) or create this file in the tests' workdir
+     local tmp=/tmp/comptest.$$
+     () {
+       setopt localoptions NO_CLOBBER ERR_EXIT
+       print -lr - "$@" > $tmp
+     } "$@"
 
-  # zpty_flush Before comptesteval
-  zpty -w zsh ". ${(q)tmp}"
-  zpty -r -m zsh log_eval "*<PROMPT>*" || {
-    print "prompt hasn't appeared."
-    return 1
-  }
-  zpty_flush After comptesteval
- } always {
-  rm $tmp
- }
+     # zpty_flush Before comptesteval
+     zpty -w zsh ". ${(q)tmp}"
+     zpty -r -m zsh log_eval "*<PROMPT>*" || {
+       print "prompt hasn't appeared."
+       return 1
+     }
+     zpty_flush After comptesteval
+   } always {
+     rm $tmp
+   }
 }
 
 comptest () {