#!/usr/bin/perl -Tw
# Ensure that rm gives the expected diagnostic when failing to remove a file
# owned by some other user in a directory with the sticky bit set.
# Copyright (C) 2002-2020 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
use strict;
(my $ME = $0) =~ s|.*/||;
my $uid = $<;
# skip if root
$uid == 0
and CuSkip::skip "$ME: can't run this test as root: skipping this test";
my $verbose = $ENV{VERBOSE} && $ENV{VERBOSE} eq 'yes';
# Ensure that the diagnostics are in English.
$ENV{LC_ALL} = 'C';
# Set up a safe, well-known environment
$ENV{IFS} = '';
# Taint checking requires a sanitized $PATH. This script performs no $PATH
# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
# However, on Cygwin, it's used to find cygwin1.dll, so set it.
$ENV{PATH} = '/bin:/usr/bin';
my @dir_list = qw(/tmp /var/tmp /usr/tmp);
my $rm = "$ENV{abs_top_builddir}/src/rm";
# Untaint for upcoming popen.
$rm =~ m!^([-+\@\w./]+)$!
or CuSkip::skip "$ME: unusual absolute builddir name; skipping this test\n";
$rm = $1;
# Find a directory with the sticky bit set.
my $found_dir;
my $found_file;
foreach my $dir (@dir_list)
{
if (-d $dir && -k _ && -r _ && -w _ && -x _)
{
$found_dir = 1;
# Find a non-directory there that is owned by some other user.
opendir DIR_HANDLE, $dir
or die "$ME: couldn't open $dir: $!\n";
foreach my $f (readdir DIR_HANDLE)
{
# Consider only names containing "safe" characters.
$f =~ /^([-\@\w.]+)$/
or next;
$f = $1; # untaint $f
my $target_file = "$dir/$f";
$verbose
and warn "$ME: considering $target_file\n";
# Skip files owned by self, symlinks, and directories.
# It's not technically necessary to skip symlinks, but it's simpler.
# SVR4-like systems (e.g., Solaris 9) let you unlink files that
# you can write, so skip writable files too.
-l $target_file || -o _ || -d _ || -w _
and next;
$found_file = 1;
# Invoke rm on this file and ensure that we get the
# expected exit code and diagnostic.
my $cmd = "$rm -f -- $target_file";
open RM, "$cmd 2>&1 |"
or die "$ME: cannot execute '$cmd'\n";
my $line = ;
close RM;
my $rc = $?;
# This test opportunistically looks for files that can't
# be removed but those files may already have been removed
# by their owners by the time we get to them. It is a
# race condition. If so then the rm is successful and our
# test is thwarted. Detect this case and ignore.
if ($rc == 0)
{
next if ! -e $target_file;
die "$ME: unexpected exit status from '$cmd';\n"
. " got 0, expected 1\n";
}
if (0x80 < $rc)
{
my $status = $rc >> 8;
$status == 1
or die "$ME: unexpected exit status from '$cmd';\n"
. " got $status, expected 1\n";
}
else
{
# Terminated by a signal.
my $sig_num = $rc & 0x7F;
die "$ME: command '$cmd' died with signal $sig_num\n";
}
my $exp = "rm: cannot remove '$target_file':";
$line
or die "$ME: no output from '$cmd';\n"
. "expected something like '$exp ...'\n";
# Transform the actual diagnostic so that it starts with "rm:".
# Depending on your system, it might be "rm:" already, or
# "../../src/rm:".
$line =~ s,^\Q$rm\E:,rm:,;
my $regex = quotemeta $exp;
$line =~ /^$regex/
or die "$ME: unexpected diagnostic from '$cmd';\n"
. " got $line"
. " expected $exp ...\n";
last;
}
closedir DIR_HANDLE;
$found_file
and last;
}
}
$found_dir
or CuSkip::skip "$ME: couldn't find a directory with the sticky bit set;"
. " skipping this test\n";
$found_file
or CuSkip::skip "$ME: couldn't find a file not owned by you\n"
. " in any of the following directories:\n @dir_list\n"
. "...so, skipping this test\n";