pytest icon indicating copy to clipboard operation
pytest copied to clipboard
verified publisher icon pytest-dev

tempdir hardening fails when filesystem doesn't track ownership

Open moroten opened this issue 1 year ago • 5 comments

#8516 verifies that tmpdir and tmp_path etc. are owned by the user. This fails on filesystems that do not track ownership.

In my use case, I am using Buildbarn's FUSE storage on Linux where ownership is always reported as 0. This has the benefit that actions reading the ownership, e.g. tar, will be deterministic.

My workaround is to use the following in my test file:

if __name__ == "__main__":
    sys.exit(pytest.main([
        "--basetemp",
        Path(os.environ["TEST_TMPDIR"]),
        __file__,
    ]))

Would it make sense to allow rootdir_stat.st_uid == 0 in src/_pytest/tmpdir.py? An alternative is to disable the check with an environment variable.

Related issues: #8414 and #10738.

moroten avatar Feb 05 '25 08:02 moroten

In this filesystem, you are able to write to a private directory which is reported as owned by another user? I'm surprised you are not having more issues.

Can you explain how the workaround fixes the issue for you?

bluetech avatar Feb 05 '25 08:02 bluetech

The file system is used inside a containerized environment (but is not necessary to be containerized. I'm able to write anywhere there and there is no other processes running there.

$ ls -la /tmp/
total 0
drwxrwxrwx. 1 root root 0 Feb  5 10:04 .
drwxrwxrwx. 1 root root 0 Feb  5 10:04 ..
$ id
uid=1007 gid=1007 groups=1007

Can you explain how the workaround fixes the issue for you?

When --basetemp is set, the id check is not performed at all: if self._given_basetemp is not None:

moroten avatar Feb 05 '25 10:02 moroten

Maybe we can also skip the check if PYTEST_DEBUG_TEMPROOT is set? The rationale being, the user explicitly pointed at there, let's assume they know what they're doing and don't need the extra safety check.

bluetech avatar Feb 05 '25 10:02 bluetech

That sounds like a good solution. I'll look at it after lunch.

moroten avatar Feb 05 '25 10:02 moroten

After thinking about your suggestion, it is not a perfect fit for my use case. I'm using Bazel to run the tests and I can set hard coded environment variables in the BUILD.bazel files. This means that I will set /tmp for Linux but what should I set on Windows? Bazel does provide TEST_TMPDIR, but then I need a wrapper to set PYTEST_DEBUG_TEMPROOT to either $TEST_TMPDIR or system default.

From our user experience, it would be easier to just disable the check with an new environment variable or to allow PYTEST_DEBUG_TEMPROOT=$env with the special case PYTEST_DEBUG_TEMPROOT=$TMPDIR also being resolved to Python default in the case TMPDIR is missing.

moroten avatar Feb 05 '25 16:02 moroten