Manfred
2019-Apr-19 14:46 UTC
[Samba] selftest: Perl error "Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138."
In my environment the selftest for samba3.rpc.spoolss.printer was failing at source3/script/tests/printing/modprinter.pl(138)

with the Perl error in subject:
Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138

code is:
=============================
delete @ENV{'BASH_ENV'};

$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
system("cp", "$tmp", "$smb_conf_file"); <== FAILING HERE
unlink $tmp;
=============================

the solution is, in addition to untainting $PATH:
=============================
# the following is according to:
# https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
# delete @ENV{'BASH_ENV'};

$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
system("cp", "$tmp", "$smb_conf_file"); <== FAILING HERE
unlink $tmp;
=============================

Although this appears to happen on my environment, and not in the build farm, according to Perl doc would it look like a candidate for consideration?
Manfred
2019-Apr-19 21:34 UTC
[Samba] selftest: Perl error "Insecure $ENV{ENV} while running setgid at /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl line 138."
The same error occurs at:
source3/script/tests/fake_snap.pl(25)

which is fixed in the same way.

On 4/19/19 4:46 PM, Manfred wrote:
> In my environment the selftest for samba3.rpc.spoolss.printer was
> failing at source3/script/tests/printing/modprinter.pl(138)
>
> with the Perl error in subject:
> Insecure $ENV{ENV} while running setgid at
> /home/user/src/samba-git/samba/source3/script/tests/printing/modprinter.pl
> line 138
>
> code is:
> =============================
> delete @ENV{'BASH_ENV'};
>
> $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
> system("cp", "$tmp", "$smb_conf_file"); <== FAILING HERE
> unlink $tmp;
> =============================
>
> the solution is, in addition to untainting $PATH:
> =============================
> # the following is according to:
> # https://perldoc.perl.org/perlsec.html#Cleaning-Up-Your-Path
> delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; # Make %ENV safer
> # delete @ENV{'BASH_ENV'};
>
> $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
> system("cp", "$tmp", "$smb_conf_file"); <== FAILING HERE
> unlink $tmp;
> =============================
>
> Although this appears to happen on my environment, and not in the build
> farm, according to Perl doc would it look like a candidate for
> consideration?
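The failure and the fix described in this thread can be reproduced outside the Samba tree with the script below. It is an added example, not code from the posts or from Samba: `system_clean`, `insecure_env_vars` and the `ENV` value are hypothetical, and the `-T` switch stands in for running setgid, which enables the same taint checks (the message then ends "while running with -T switch").

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_env_demo.pl   (needs perl 5.12+ for "delete local")
use strict;
use warnings;
use Scalar::Util qw(tainted);

# The shell-related variables named in the perlsec section cited in the thread.
my @SHELL_VARS = qw(IFS CDPATH ENV BASH_ENV);

# List the variables that would make system()/exec() die at this moment.
sub insecure_env_vars {
    return grep { exists $ENV{$_} && tainted($ENV{$_}) } ('PATH', @SHELL_VARS);
}

# Hypothetical helper: run a command with the environment scrubbed as perlsec
# recommends; the caller's %ENV is restored when the sub returns.
sub system_clean {
    my @cmd = @_;
    delete local @ENV{@SHELL_VARS};        # remove all four, not only BASH_ENV
    local $ENV{PATH} = '/bin:/usr/bin';    # constant value, hence untainted
    return system(@cmd);
}

# Constructed input: simulate an ENV variable inherited from the caller.
# Appending a zero-length slice of $^X marks the string as tainted.
$ENV{ENV} = '/constructed/path/.shrc' . substr($^X, 0, 0);

# Same clean-up as the original test script: PATH and BASH_ENV only.
delete @ENV{'BASH_ENV'};
$ENV{'PATH'} = '/bin:/usr/bin';

print "still insecure: @{[ insecure_env_vars() ]}\n";

# The list form of system() bypasses the shell but is still taint-checked.
my $ran = eval { system('true'); 1 };
print $ran ? "partial clean-up: command ran\n" : "partial clean-up: $@";

# With all four variables removed the same command is allowed to run.
my $status = system_clean('true');
print "full clean-up: exit status ", $status >> 8, "\n";
```

Whether the unpatched scripts fail depends on whether `ENV`, `IFS` or `CDPATH` happens to be exported in the shell that launches the selftest, which fits the error showing up in one environment and not on the build farm.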