|Summary:||app-admin/github-backup-utils[test]: leaks systemd service stop requests to system|
|Product:||Gentoo Linux||Reporter:||Michał Górny <mgorny>|
|Component:||Current packages||Assignee:||William Hubbs <williamh>|
|Package list:||Runtime testing required:||---|
Description Michał Górny 2021-06-20 07:40:51 UTC
While running the test suite, I repeatedly get a GUI window asking me for root password in order to 'stop consul.service'. Sounds like a major command leak. Not that I'm running such a service.
Comment 1 Mike Gilbert 2021-06-20 15:40:22 UTC
Several tests call "ghe-restore", which calls "ssh ... sudo systemctl stop consul". https://github.com/github/backup-utils/blob/v3.0.0/bin/ghe-restore#L301 As well, the tests use a wrapper script for ssh that removes any "sudo" calls and runs the commands locally. https://github.com/github/backup-utils/blob/v3.0.0/test/bin/ssh#L37 The end result is that "systemctl stop consul" gets executed directly as the portage user, which triggers a polkit prompt if portage is not running as root.
Comment 2 Mike Gilbert 2021-06-20 15:46:05 UTC
ghe-restore attempts to perform many privileged operations, and it doesn't look like it was really designed for use in an isolated test environment. I would recommend masking the test USE flag until/unless the tests can be made more safe for general use.