This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: RFC: Test hook for nss_files testing

On 12/07/2015 05:55 PM, Carlos O'Donell wrote:

> I have two concerns.
> (1) Security.
> What security implications are there in exposing this interface?

I added a function that has to be called instead of an environment
variable precisely so that there are no security concerns.  The function
is prefixed with _nss_files, which is what we use for namespacing the
NSS service modules.

> (2) Test what we ship.
> We need to get away from build-tree testing and move to installed tree
> testing to verify that we are testing is what we are shipping.

My proposed tests do that, which is why there is a hook.  An alternative
would be to compile nss_files twice, with different settings.  But then
we aren't testing anymore what we are shipping.

> The testing would look like this:
> - Setup an installed tree.
> - Setup the test.
> - Run the test in some kind of isolation with configuration changes
>   made to the sysroot that would otherwise be impossible on the host.
> - Return status.
> - Repeat for all tests that need a sysroot e.g. ldconfig, network, nss...

I agree that installed-tree testing is better.  At least the nss_files
tests should be straightforward to migrate when installed-tree testing
arrives.  You just omit the path override, and copy the test files to
/etc in the test environment.

> A more appealing alternative would be to run the test under a systemtap
> script which did all the work of updating the paths to the databases
> without the hook changes.

I think this would be far more brittle and difficult to implement
because the existing path names are just string literals.  Run-time
patching also means that it's not really what we ship.  At that point,
we may be better off with something like cwrap, or an xtest with chroot.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]