-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runtime: TestSUID hangs with "Password" prompt on FreeBSD #70702
Comments
Related Issues (Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.) |
It appears that the hang is in another test that is run as part of all.bash. Running the runtime tests alone with '../bin/go test runtime' (from the src/ directory of a current git tip) doesn't hang (but has other failures). During all.bash, the hang comes from net's TestDialParallelSpuriousConnection test. However, running the runtime tests alone shows two failures: first, that the Password: prompt is printed in things, and second that running su here mangles my tty attributes when I'm running all.bash from an interactive shell (turning off echo and other things). I am in group wheel but I don't have passwordless su enabled on this machine.
It's my personal opinion as a sysadmin that tests should not blindly run su even if it produces no output and doesn't mangle the tty settings, because security systems may well react to failed su's to root or improper su's (su being run by people who aren't supposed to use it).
|
FreeBSD has a I agree that ideally a test should not invoke |
The FreeBSD `doas` is only available as an optional pkg package and isn't part of the base system, so I don't think you can count on it being present. Installing the doas package and patching runtime/security_test.go to use it does avoid this su failure.
|
Thanks. I filed #70708 to ask for doas to be installed on builders. When that happens we can change the test to use it, and avoid this problem. |
Change https://go.dev/cl/634156 mentions this issue: |
The However, without a config file, all it prints is
I am hesitant to give the swarming user the right to run all commands as root. In addition, the LUCI infrastructure already uses |
We could potentially try both doas and sudo, but of course it is possible that neither works. This seems like a test that we want an assertion that it isn't skipped on some builder we know is properly configured. |
@siebenmann reports that
all.bash
hangs with a "Password:" prompt on their FreeBSD machine due toruntime.TestSUID
'ssu
call.Our FreeBSD builders allow
su
with no password (I think because our user is in thewheel
group?). Presumably real FreeBSD systems don't put the main user inwheel
. Or maybesu
is asking for the password of the primary user? I'm not sure how this configuration works.On my Linux workstation, the test skips as
su
seems to automatically exit with error (detects a non-interactive stdin perhaps?). Perhaps FreeBSD'ssu
doesn't do this?cc @golang/freebsd @rolandshoemaker
The text was updated successfully, but these errors were encountered: