These tests perform no PATH search, and used to simply delete PATH from
the environment. However, that is not portable, as seen on Cygwin,
where cygwin.dll must be resolvable via PATH when starting a sub-shell.
With commit
0cc04241, we took the alternate approach of untainting the
incoming $ENV{PATH}, but that fails when it contains an other-writable
directory. Instead, now we hard code it to '/bin:/usr/bin'.
* tests/misc/pwd-long: Hard code $ENV{PATH} to a safe value.
* tests/rm/fail-eperm: Likewise.
Reported by Gilles Espinasse, Andreas Schwab, and Bauke Jan Douma.
# Set up a safe, well-known environment
delete @ENV{qw(BASH_ENV CDPATH ENV)};
$ENV{IFS} = '';
-# PATH is tricky - we can't just clear it, or cygwin will fail. But we
-# can't use it as-is, or taint checking in `` will stop us. For this
-# script, it is enough to scrub the incoming $PATH first.
-$ENV{'PATH'} =~ /(.*)/;
-$ENV{'PATH'} = "$1";
+
+# Taint checking requires a sanitized $PATH. This script performs no $PATH
+# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
+# However, on Cygwin, it's used to find cygwin.dll, so set it.
+$ENV{PATH} = '/bin:/usr/bin';
# Save CWD's device and inode numbers.
my ($dev, $ino) = (stat '.')[0, 1];
# Set up a safe, well-known environment
delete @ENV{qw(BASH_ENV CDPATH ENV)};
$ENV{IFS} = '';
-# PATH is tricky - we can't just clear it, or cygwin will fail. But we
-# can't use it as-is, or taint checking in `` will stop us. For this
-# script, it is enough to scrub the incoming $PATH first.
-$ENV{'PATH'} =~ /(.*)/;
-$ENV{'PATH'} = "$1";
+
+# Taint checking requires a sanitized $PATH. This script performs no $PATH
+# search, so on most Unix-based systems, it is fine simply to clear $ENV{PATH}.
+# However, on Cygwin, it's used to find cygwin.dll, so set it.
+$ENV{PATH} = '/bin:/usr/bin';
my @dir_list = qw(/tmp /var/tmp /usr/tmp);
my $rm = "$ENV{abs_top_builddir}/src/rm";