Opened 8 years ago
Last modified 8 years ago
#13631 closed defect
Sage refuses to run despite safe directory — at Version 9
Reported by: | vbraun | Owned by: | mvngu |
---|---|---|---|
Priority: | blocker | Milestone: | sage-5.4 |
Component: | doctest coverage | Keywords: | |
Cc: | jdemeyer | Merged in: | |
Authors: | Jeroen Demeyer | Reviewers: | |
Report Upstream: | N/A | Work issues: | |
Branch: | Commit: | ||
Dependencies: | Stopgaps: |
Description (last modified by )
Something is wrong with the patch at #13579. This breaks the patchbot on Fedora:
(sage-sh) patchbot@volker-desktop:sage$ python -Werror -c '' RuntimeWarning: not adding directory '' to sys.path since it's writable by an untrusted group. Untrusted users could put files in this directory which might then be imported by your Python code. As a general precaution from similar exploits, you should not execute Python code from this directory (sage-sh) patchbot@volker-desktop:sage$ ls -ald . drwxrwxr-x. 7 patchbot patchbot 4096 Oct 20 11:24 . (sage-sh) patchbot@volker-desktop:sage$ umask 0002 (sage-sh) patchbot@volker-desktop:sage$ groups patchbot (sage-sh) patchbot@volker-desktop:sage$ id uid=1001(patchbot) gid=1001(patchbot) groups=1001(patchbot) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Updated spkg: http://boxen.math.washington.edu/home/jdemeyer/spkg/python-2.7.3.p2.spkg (diff: python-2.7.3.p2.diff)
Apply 13631_untar.patch to the Sage root repository.
Change History (11)
comment:1 Changed 8 years ago by
comment:2 Changed 8 years ago by
Hugh, could you provide the same information as Volker (umask
, group ids, permissions of the relevant directory).
Also, Volker and Hugh: which version of Sage are you talking about? In particular, is #13459 applied?
comment:3 Changed 8 years ago by
Looks like we should check the umask for python -c
comment:4 Changed 8 years ago by
- Priority changed from major to blocker
comment:5 Changed 8 years ago by
I was running 5.4.rc2.
I'm not sure which directory is relevant. The directory which it refused to run doctests in was one that had just been created by the patchbot, /home/hugh/sage-5.4.rc2/devel/sage-0. In that directory, I get the following:
hugh@hugh-laptop:~/sage-5.4.rc2/devel$ cd sage-0/ hugh@hugh-laptop:~/sage-5.4.rc2/devel/sage-0$ ls -ald . drwxrwxr-x 7 hugh hugh 4096 2012-10-20 22:45 . hugh@hugh-laptop:~/sage-5.4.rc2/devel/sage-0$ umask 0002 hugh@hugh-laptop:~/sage-5.4.rc2/devel/sage-0$ groups hugh adm dialout cdrom plugdev lpadmin admin sambashare hugh@hugh-laptop:~/sage-5.4.rc2/devel/sage-0$ id uid=1000(hugh) gid=1000(hugh) groups=1000(hugh),4(adm),20(dialout),24(cdrom),46(plugdev),105(lpadmin),119(admin),122(sambashare)
I don't know what the output from these commands means, so please let me know if you need more or different information.
comment:6 Changed 8 years ago by
I can get the same error without the patchbot.
hugh@hugh-laptop:~$ cd sage-5.4.rc2/devel/sage-main/ hugh@hugh-laptop:~/sage-5.4.rc2/devel/sage-main$ ../../sage -t sage/combinat/tableau.py Traceback (most recent call last): File "/home/hugh/sage-5.4.rc2/local/bin/sage-test", line 53, in <module> .format(os.getcwd())) RuntimeError: refusing to run doctests from the current directory '/home/hugh/sage-5.4.rc2/devel/sage-main' since untrusted users could put files in this directory, making it unsafe to run Sage code from
I get the same output from the above commands (ls, etc.) in sage-main as in sage-0.
It works fine if I run sage -t from ~/sage-5.4.rc2. There, I get:
hugh@hugh-laptop:~/sage-5.4.rc2$ ls -ald . drwxr-xr-x 9 hugh hugh 4096 2012-10-20 22:44 .
I get same error as above if I run sage -t from ~/sage-5.4.rc2/devel, where the output from ls -ald ., etc., looks very similar. to sage-5.4.rc2/devel/sage-main.
comment:7 Changed 8 years ago by
I'm talking about Sage-5.4.rc2 (which is the first one with your Python patch). The problem is the
if ((arg_stat.st_mode & 0022) == 0 && (program_stat.st_mode & 0022) == 0)
check, thats too restrictive. If you have your own group then its perfectly save to for the directory to be group-writable, and indeed Fedora sets you up with umask 0002
in that case.
comment:8 Changed 8 years ago by
- Description modified (diff)
Changed 8 years ago by
comment:9 Changed 8 years ago by
- Description modified (diff)
- Status changed from new to needs_review
I get the following warning when I install the patchbot (sage -i patchbot). This is on ubuntu 11.10.
However, the install appears to go okay.
When I try to run the patchbot, though, it complains (after the building process goes fine, apparently):