From 65cfebb041c454c246aaf32a177b0243915a9998 Mon Sep 17 00:00:00 2001
From: fatkodima <fatkodima123@gmail.com>
Date: Fri, 1 Nov 2019 23:06:10 +0200
Subject: [PATCH] Don't use insecure temporary directory as home directory
---
lib/bundler.rb | 29 +++++++++++---------------
spec/bundler/bundler_spec.rb | 38 +++++++++--------------------------
spec/bundler/settings_spec.rb | 2 +-
3 files changed, 22 insertions(+), 47 deletions(-)
diff --git a/lib/bundler.rb b/lib/bundler.rb
index 2ada6fe7891..b184f7e69c6 100644
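--- a/lib/bundler.rb
+++ b/lib/bundler.rb
@@ -170,8 +170,7 @@ def user_home
 end
 
 if warning
- Kernel.send(:require, "etc")
- user_home = tmp_home_path(Etc.getlogin, warning)
+ user_home = tmp_home_path(warning)
 Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
 user_home
 else
@@ -180,21 +180,6 @@ def user_home
 end
 end
 
- def tmp_home_path(login, warning)
- login ||= "unknown"
- Kernel.send(:require, "tmpdir")
- path = Pathname.new(Dir.tmpdir).join("bundler", "home")
- SharedHelpers.filesystem_access(path) do |tmp_home_path|
- unless tmp_home_path.exist?
- tmp_home_path.mkpath
- tmp_home_path.chmod(0o777)
- end
- tmp_home_path.join(login).tap(&:mkpath)
- end
- rescue RuntimeError => e
- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
- end
-
 def user_bundle_path(dir = "home")
 env_var, fallback = case dir
 when "home"
@@ -555,6 +555,17 @@ def configure_gem_home
 Bundler.rubygems.clear_paths
 end
 
+ def tmp_home_path(warning)
+ Kernel.send(:require, "tmpdir")
+ SharedHelpers.filesystem_access(Dir.tmpdir) do
+ path = Bundler.tmp
+ at_exit { Bundler.rm_rf(path) }
+ path
+ end
+ rescue RuntimeError => e
+ raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
+ end
+
 # @param env [Hash]
 def with_env(env)
 backup = ENV.to_hash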
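Review bot: The `at_exit { Bundler.rm_rf(path) }` hook registered in the new `tmp_home_path` is inherited by any process forked after it runs, so a child that exits normally would delete the temporary home while the parent is still using it; capturing the creating pid and guarding on it, `pid = Process.pid` followed by `at_exit { Bundler.rm_rf(path) if Process.pid == pid }`, keeps the cleanup with the owner. The safety of the new fallback also rests on `Bundler.tmp`, which is outside this diff: it presumably creates a fresh, unpredictably named directory that only the current user can access, and a short comment above `path = Bundler.tmp` such as `# must be a newly created, owner-only directory; never a shared or predictable path` would keep a later edit from reintroducing the old behaviour. The rescue message still ends in `directory':` with a stray quote left over from the removed `#{path}` interpolation; `directory:\n#{e}` reads correctly.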
diff --git a/spec/bundler/bundler/bundler_spec.rb b/spec/bundler/bundler/bundler_spec.rb
index 74cf7ae05d3..247838600bf 100644
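--- a/spec/bundler/bundler/bundler_spec.rb
+++ b/spec/bundler/bundler/bundler_spec.rb
@@ -233,16 +233,13 @@
 path = "/home/oggy"
 allow(Bundler.rubygems).to receive(:user_home).and_return(path)
 allow(File).to receive(:directory?).with(path).and_return false
- allow(Etc).to receive(:getlogin).and_return("USER")
- allow(Dir).to receive(:tmpdir).and_return("/TMP")
- allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true)
- expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER")
+ allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom"))
 message = <
 `/home/oggy` is not a directory.
-Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily.
+Bundler will use `/tmp/trulyrandom' as your home directory temporarily.
 EOF
 expect(Bundler.ui).to receive(:warn).with(message)
- expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER"))
+ expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom"))
 end
 end
 
@@ -255,16 +252,13 @@
 allow(File).to receive(:directory?).with(path).and_return true
 allow(File).to receive(:writable?).with(path).and_return false
 allow(File).to receive(:directory?).with(dotbundle).and_return false
- allow(Etc).to receive(:getlogin).and_return("USER")
- allow(Dir).to receive(:tmpdir).and_return("/TMP")
- allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true)
- expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER")
+ allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom"))
 message = <
 `/home/oggy` is not writable.
-Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily.
+Bundler will use `/tmp/trulyrandom' as your home directory temporarily.
 EOF
 expect(Bundler.ui).to receive(:warn).with(message)
- expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER"))
+ expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom"))
 end
 
 context ".bundle exists and have correct permissions" do
@@ -283,31 +277,17 @@
 context "home directory is not set" do
 it "should issue warning and return a temporary user home" do
 allow(Bundler.rubygems).to receive(:user_home).and_return(nil)
- allow(Etc).to receive(:getlogin).and_return("USER")
- allow(Dir).to receive(:tmpdir).and_return("/TMP")
- allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true)
- expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER")
+ allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom"))
 message = <
 Your home directory is not set.
-Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily.
+Bundler will use `/tmp/trulyrandom' as your home directory temporarily.
 EOF
 expect(Bundler.ui).to receive(:warn).with(message)
- expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER"))
+ expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom"))
 end
 end
 end
 
- describe "#tmp_home_path" do
- it "should create temporary user home" do
- allow(Dir).to receive(:tmpdir).and_return("/TMP")
- allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(false)
- expect(FileUtils).to receive(:mkpath).once.ordered.with("/TMP/bundler/home")
- expect(FileUtils).to receive(:mkpath).once.ordered.with("/TMP/bundler/home/USER")
- expect(File).to receive(:chmod).with(0o777, "/TMP/bundler/home")
- expect(Bundler.tmp_home_path("USER", "")).to eq(Pathname("/TMP/bundler/home/USER"))
- end
- end
-
 describe "#requires_sudo?" do
 let!(:tmpdir) { Dir.mktmpdir }
 let(:bundle_path) { Pathname("#{tmpdir}/bundle") }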
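Review bot: Nothing in this file checks the property the commit is about, that the fallback home is a freshly created directory other local users cannot write to, because the three `user_home` examples stub `Bundler.tmp` and the removed `#tmp_home_path` describe block gets no replacement. A regression example that lets `Bundler.tmp` run for real and asserts something like `expect(File.stat(Bundler.user_home).mode & 0o077).to eq(0)` would pin that down; the exact mode depends on how `Bundler.tmp` creates the directory, which is not shown in this diff. Separately, each example appears to register the real `at_exit` hook, which would call `Bundler.rm_rf` on the literal `/tmp/trulyrandom` when the spec process exits, so stubbing a path under the suite's own temporary area would avoid touching a shared location.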
diff --git a/spec/bundler/bundler/settings_spec.rb b/spec/bundler/bundler/settings_spec.rb
index 7e1dadded76..2a285fdcf37 100644
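--- a/spec/bundler/bundler/settings_spec.rb
+++ b/spec/bundler/bundler/settings_spec.rb
@@ -67,7 +67,7 @@
 context "when $TMPDIR is not writable" do
 it "does not raise" do
 expect(Bundler.rubygems).to receive(:user_home).twice.and_return(nil)
- expect(FileUtils).to receive(:mkpath).twice.with(File.join(Dir.tmpdir, "bundler", "home")).and_raise(Errno::EROFS, "Read-only file system @ dir_s_mkdir - /tmp/bundler")
+ expect(Bundler).to receive(:tmp).twice.and_raise(Errno::EROFS, "Read-only file system @ dir_s_mkdir - /tmp/bundler")
 
 expect(subject.send(:global_config_file)).to be_nil
 end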