On 11/29/2013 06:48 PM, Pádraig Brady wrote:

> To summarize, it,
> only runs with: make EXPENSIVE=yes check,
> only runs as non root,
> ensures file & dir removal bypass work in a safe context first
> 
> Do you still think it's too dangerous?

I think we've done a great job at writing a very robust test that exits
early if not all preconditions of safety can be met (the most important
of which is that using rm under LD_PRELOAD on a safe file leaves the
file untouched, proving that we correctly avoided the right system call)
- I see no issue with including the test by default, nor any reason to
scare users into only running the test in a chroot jail.  I actually
think the timeout to limit to 2 seconds is a bit of overkill, but it's
fine to be over-conservative and leave it in.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org