Redefine the meaning of require.user #6
Labels
Comments
ngie-eign
added a commit
to ngie-eign/kyua
that referenced
this issue
Aug 20, 2023
Ensure that characters are escaped in stdout/sterr
freebsd-git
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Jan 18, 2024
This change brings in fixes for... - kyua report-html not properly escaping stdout/stderr: (freebsd/kyua#6). - gettimeofday(2) not necessarily being monotonic, but kyua assuming that it is: (freebsd/kyua#2). - Update configuration to work with Cirrus CI in lieu of Travis CI.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From jmmv@google.com on December 09, 2010 04:54:30
At the moment, test cases can specify whether they require root, whether they require an unprivileged user or whether they don't care who they are running as. For reproducibility purposes, the fact that require.user=empty (the default) means that we don't care about what user the test is running as, is bad.
We need to change the runtime system to work as follows: all test cases are /always/ run as an unprivileged user /except/ if they define require.root=true. Kyua needs to always drop privileges (if running as root) when a test case sets require.root=false (the default). Kyua must not attempt to escalate privileges (if running a require.root=true test as a regular user) because this can easily lead to security issues that we don't want to be involved with.
Lastly, note that this is not a security feature. Dropping privileges from Kyua is just a convenience but by no means this implies that running untrusted test cases is safe.
Original issue: http://code.google.com/p/kyua/issues/detail?id=6
The text was updated successfully, but these errors were encountered: