Skip to content

Commit 7f78441

Browse files
DemiMarieDemiMarie
committed
Add test for unsetting QREXEC_* variables
QREXEC_SERVICE_ARGUMENT, QREXEC_REQUESTED_TARGET, and QREXEC_REQUESTED_TARGET_KEYWORD should not be in the environment of the child process unless explicitly set by the qrexec call. The current code fails to unset them.
1 parent d5d7184 commit 7f78441

File tree

2 files changed

+37
-2
lines changed

2 files changed

+37
-2
lines changed

qrexec/tests/socket/agent.py

+36
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,9 @@ def start_agent(self):
5858
env["LD_LIBRARY_PATH"] = os.path.join(ROOT_PATH, "libqrexec")
5959
env["VCHAN_DOMAIN"] = str(self.domain)
6060
env["VCHAN_SOCKET_DIR"] = self.tempdir
61+
env["QREXEC_SERVICE_ARGUMENT"] = "%did_not_get_unset"
62+
env["QREXEC_REQUESTED_TARGET_KEYWORD"] = "%did_not_get_unset"
63+
env["QREXEC_REQUESTED_TARGET"] = "%did_not_get_unset"
6164
env["QREXEC_SERVICE_PATH"] = ":".join(
6265
[
6366
os.path.join(self.tempdir, "local-rpc"),
@@ -341,6 +344,39 @@ def test_exec_service(self):
341344
],
342345
)
343346

347+
@unittest.expectedFailure
348+
def test_exec_service_keyword(self):
349+
util.make_executable_service(
350+
self.tempdir,
351+
"rpc",
352+
"qubes.Service",
353+
"""\
354+
#!/bin/sh -e
355+
printf %s\\\\n "arg: ${1+bad}, remote domain: $QREXEC_REMOTE_DOMAIN" \
356+
"target name: ${QREXEC_REQUESTED_TARGET-NONAME}" \
357+
"target keyword: ${QREXEC_REQUESTED_TARGET_KEYWORD-NOKEYWORD}" \
358+
${QREXEC_REQUESTED_TARGET_TYPE+"target type: '${QREXEC_REQUESTED_TARGET_TYPE}'"} \
359+
${QREXEC_SERVICE_ARGUMENT+"call argument: '${QREXEC_SERVICE_ARGUMENT}'"}
360+
""",
361+
)
362+
target, dom0 = self.execute_qubesrpc("qubes.Service", "domX")
363+
target.send_message(qrexec.MSG_DATA_STDIN, b"")
364+
messages = target.recv_all_messages()
365+
self.assertListEqual(
366+
util.sort_messages(messages),
367+
[
368+
(qrexec.MSG_DATA_STDOUT, b"""arg: , remote domain: domX
369+
target name: NONAME
370+
target keyword: NOKEYWORD
371+
target type: ''
372+
"""),
373+
(qrexec.MSG_DATA_STDOUT, b""),
374+
(qrexec.MSG_DATA_STDERR, b""),
375+
(qrexec.MSG_DATA_EXIT_CODE, b"\0\0\0\0"),
376+
],
377+
)
378+
self.check_dom0(dom0)
379+
344380
def test_exec_service_with_config(self):
345381
util.make_executable_service(
346382
self.tempdir,

run-tests

+1-2
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,7 @@ else
2525
export SKIP_SOCKET_TESTS=1
2626
fi
2727

28-
set -x
29-
3028
if [[ "$#" = 0 ]]; then set -- -v qrexec/tests; fi
3129

30+
set -x
3231
python3 -m coverage run -m pytest -o 'python_files=*.py' "$@"

0 commit comments

Comments
 (0)