Closed Bug 592512 Opened 14 years ago Closed 13 years ago

use unique resultfile for 'cfx run', not always /tmp/harness_result

Categories

(Add-on SDK Graveyard :: General, defect, P2)

Product:
Add-on SDK Graveyard
Component:
General
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: warner, Assigned: warner)

Details

Attachments

(2 files)

use unique tempfile for results and logfile
2.63 KB, patch
irakli
: review+
Details | Diff | Splinter Review
py2.5-safe patch
2.57 KB, patch
irakli
: review+
Details | Diff | Splinter Review 
python-lib/cuddlefish/runner.py (around line 248) uses the following code to
come up with a "resultfile" name: a file into which the spawned
firefox/xulrunner can write its test results for later processing:

  resultfile = os.path.join(tempfile.gettempdir(), 'harness_result')

This always uses "/tmp/harness_result", with two unfortunate consequences:

 1: two users on the same host cannot run "cfx test" or "cfx run" at the same
    time, since they'll overwrite each others resultfiles
 2: it enables a "symlink attack", in which an attacker does something like
    "ln -s /tmp/harness_result ~you/.ssh/id_dsa" and tricks you into
    corrupting or deleting your private key, even though they cannot touch
    that file directly. Other forms of this attack are even worse, such as if
    the contents of the resultfile are interpreted by some other tool in a
    troubling way (think .rhosts). Sometimes this attack requires winning a
    race, in which the attacker keeps re-creating the symlink in a tight
    loop, but that's pretty easy in practice.

Both problems are fixed by using unguessable/unique tempfile names. (it is
also a good idea to put these tempfiles in the user's home directory, rather
than in a shared world-writable /tmp directory).

runner.py should be changed to use:

 f = tempfile.NamedTemporaryFile(prefix="harness-result-", delete=False)
 f.close()
 resultfile = f.name
 ... # run xulrunner, tell it to write into resultfile
 ... # read from resultfile
 os.unlink(resultfile)

The code that manages "harness_log" should be changed in the same way.
The Add-on SDK is no longer a Mozilla Labs experiment and has become a big enough project to warrant its own Bugzilla product, so the "Add-on SDK" product has been created for it, and I am moving its bugs to that product.

To filter bugmail related to this change, filter on the word "looptid".
Component: Jetpack SDK → General
Product: Mozilla Labs → Add-on SDK
QA Contact: jetpack-sdk → general
Version: Trunk → unspecified
Priority: -- → P2
Target Milestone: --- → 1.0
Assignee: nobody → warner-bugzilla
Status: NEW → ASSIGNED

        Attachment #531202 -
        Flags: review?(rFobic)

    
    

    
  
Oh, BTW, this patch is also in my '592512-resultfile' branch on github.

    
    

    
  
Comment on attachment 531202 [details] [diff] [review]
use unique tempfile for results and logfile

Review of attachment 531202 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good, thanks!

        Attachment #531202 -
        Flags: review?(rFobic) → review+

    
    

    
  
Great, landed in https://github.com/mozilla/addon-sdk/commit/214de059d9b168ea83fc0d604d433f882c1b192a
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
    

    
  
Whoops, it turns out that my patch introduced a dependency upon python2.6 (since NamedTemporaryFile didn't acquire a delete= argument until py2.6), making tests fail on our py2.5 buildbots. Reverted in https://github.com/mozilla/addon-sdk/commit/3ec8553ceaffbc2e8ac858864bea295e98bf08dd . I'll work on a py2.5-safe patch.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  

      
      
      
      

        Attached patch
          
          
        py2.5-safe patchSplinter Review
      

    


  
Also visible as https://github.com/mozilla/addon-sdk/pull/169

This version is good for pythons all the way back to 2.3 .

        Attachment #533104 -
        Flags: review?(rFobic)

    
    

    
  
Comment on attachment 533104 [details] [diff] [review]
py2.5-safe patch

Review of attachment 533104 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good

        Attachment #533104 -
        Flags: review?(rFobic) → review+

    
    

    
  
Comment on attachment 533104 [details] [diff] [review]
py2.5-safe patch

Review of attachment 533104 [details] [diff] [review]:
-----------------------------------------------------------------

https://wiki.mozilla.org/User:Gilma.gamez

    
    

    
  
Great, landed in https://github.com/mozilla/addon-sdk/commit/e74ca6441a8fdeb44052b1ac138b8f6751781699 .
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: