<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="12" style="border: 1px #c9c399 solid; border-radius: 6px; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/128477/">https://git.reviewboard.kde.org/r/128477/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On July 18th, 2016, 11:30 p.m. CEST, <b>David Faure</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Wow, it never occurred to me that someone might run this test as root. I thought it was well known that development should not be done as root ;)
But I can see how it might happen when creating packages with unittests enabled or something.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">The patch looks fine to me, not sure why you say "it probably still needs some more work" ?</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Unfortunately I see no other way to test files owned by other users. But of course as long as this is tested once, the other tests could change permissions on a temp file to get into "missing permissions" error cases.</p></pre>
</blockquote>
<p>On July 19th, 2016, 1:40 p.m. CEST, <b>Tobias Berner</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">It needs more work, because the test in itself is still basically a Russian roulette. My patch merely tries to break the fingers of the players before their turn's up.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I find it highly scary/nightmare inducing that there is a testcase that has as 'failure' a destroyed operating system. This cannot meet any quality standards I can think of.
And I really find it quite scary that you use the "don't run as root" excuse. Yes I grant you, that running tests with privileges may be wrong, but
I enabled them in our package builder to give them a go -- and there you go...
However, if running tests as root is wrong, trying to rm /etc or /boot probably contradicts some Geneva convention.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I think the proper way would be to make the test only touch files it itself creates &amp; chowns.
Or the test could only try to remember a hardcoded <code style="text-rendering: inherit;color: #4444cc;padding: 0;white-space: normal;margin: 0;line-height: inherit;">/tmp/kio_test/file</code> and <code style="text-rendering: inherit;color: #4444cc;padding: 0;white-space: normal;margin: 0;line-height: inherit;">/tmp/kio_test/dir</code> that have to be created before running the test
by the developer for these tests.
But it should <em style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;">never</em> opt to <em style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;">well look at that nice system config file/dir, that is certainly owned by root, let's try to remove that</em> .</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">What do you think, would it be possible to reimplement the tests in that way? Or would that break the tests?</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">[Please note, this is not an attack on you personally, but on the really scary stuff the tests do].</p></pre>
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">What about adding a check to our cmake configs to disallow running ctest as root? I doubt that kio is the only KDE software which has dangerous tests when running as root. I wouldn't trust my kwin tests to get executed as root (as they interact with hardware).</p></pre>
<br />
<p>- Martin</p>
<br />
<p>On July 18th, 2016, 7:10 p.m. CEST, Tobias Berner wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="12" style="border: 1px #888a85 solid; border-radius: 6px; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tr>
<td>
<div>Review request for KDE Frameworks and David Faure.</div>
<div>By Tobias Berner.</div>
<p style="color: grey;"><i>Updated July 18, 2016, 7:10 p.m.</i></p>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
kio
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Some tests for kio try to move system relevant files&amp;paths with the blind assumption that
the permissions to touch these files are not present.
The files are
- /etc/passwd
- /etc/cups
- /etc
- /boot
[sic!].</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Check that the process does not actually have the rights to touch system
relevant files when running the
- TestTrash::trashDirectoryOwnedByRoot
- TestTrash::trashFileOwnedByRoot
- JobTest::moveFileNoPermissions
- JobTest::moveDirectoryNoPermissions
tests -- and bail out of them if so.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">This patch probably still needs some more work [maybe I also missed another naughty test?],
and I welcome every kind of input on it (apart from the straw man <em style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;">don't run tests as root</em> ;) ).</p></pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Without patch:
- enjoying two hours of restoring a system without /etc &amp; /boot</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">With patch:
- grep 'must not' Testing/Temporary/LastTest.log.tmp
SKIP : TestTrash::trashFileOwnedByRoot() Test must not be run by root.
SKIP : TestTrash::trashDirectoryOwnedByRoot() Test must not be run by root.
SKIP : JobTest::moveFileNoPermissions() Test must not be run by root.
SKIP : JobTest::moveDirectoryNoPermissions() Test must not be run by root.</p></pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>autotests/jobtest.cpp <span style="color: grey">(579c507)</span></li>
<li>src/ioslaves/trash/tests/testtrash.cpp <span style="color: grey">(c71df13)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/128477/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
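<p>Added example, not part of the review request or the KIO patch: one way to reach a "missing permissions" move error using only a fixture the test creates itself, as proposed in the thread, while skipping when the process actually holds the rights (root, for instance). The function name, the enum and the <code>/tmp/noperm_test.XXXXXX</code> template are assumptions of this example.</p>

```cpp
// Added example: permission-denied move test confined to its own temp fixture.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

enum class Outcome { Skipped, Denied, Moved, SetupFailed };

// Hypothetical helper; the name and return type are assumptions of this example.
Outcome moveWithoutPermission()
{
    char tmpl[] = "/tmp/noperm_test.XXXXXX";
    if (!mkdtemp(tmpl)) return Outcome::SetupFailed;
    const std::string base = tmpl;
    const std::string locked = base + "/locked";  // directory made read-only below
    const std::string victim = locked + "/file";  // file the test tries to move
    const std::string dest = base + "/moved";

    Outcome result = Outcome::SetupFailed;
    const int fd = mkdir(locked.c_str(), 0700) == 0
        ? open(victim.c_str(), O_CREAT | O_WRONLY | O_EXCL, 0600) : -1;
    if (fd >= 0) close(fd);
    if (fd >= 0 && chmod(locked.c_str(), 0500) == 0) {  // drop write on the parent
        // Probe with the effective IDs: root (or CAP_DAC_OVERRIDE) can still
        // write here, so the "move must fail" premise does not hold -> skip.
        if (faccessat(AT_FDCWD, locked.c_str(), W_OK, AT_EACCESS) == 0)
            result = Outcome::Skipped;
        else if (rename(victim.c_str(), dest.c_str()) == 0)
            result = Outcome::Moved;    // a real test would fail here
        else if (errno == EACCES || errno == EPERM)
            result = Outcome::Denied;   // the error case under test
    }
    // Clean up only what this function created.
    chmod(locked.c_str(), 0700);
    unlink(victim.c_str());
    unlink(dest.c_str());
    rmdir(locked.c_str());
    rmdir(base.c_str());
    return result;
}

int main()
{
    static const char *names[] = {"skipped", "denied", "MOVED", "setup failed"};
    const Outcome r = moveWithoutPermission();
    std::printf("%s\n", names[static_cast<int>(r)]);
    return r == Outcome::Moved;
}
```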
</div>
</body>
</html>