Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68307

Improve documentation and testing around executables in Moodle

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.9
    • Fix Version/s: None
    • Component/s: Filters, Installation
    • Labels:
      None
    • Affected Branches:
      MOODLE_39_STABLE

      Description

      I've hardened a test Moodle installation per https://docs.moodle.org/38/en/Security_recommendations#Most_secure.2Fparanoid_file_permissions and noted that I'm now seeing a variation of MDL-54635:

      2) core_admintree_testcase::test_admin_setting_configexecutable
      Failed asserting that '<div class="form-item row" id="admin-test1">\n
      <div class="form-label col-sm-3 text-sm-right">\n
      <label for="id_s__test1">\n
      Text 1\n
      </label>\n
      <span class="form-shortname d-block small text-muted">test1</span>\n
      </div>\n
      <div class="form-setting col-sm-9">\n
      <div class="form-file defaultsnext">\n
      <div class="form-inline">\n
      <input type="text" name="s_test1" id="id_s_test1" size="50" value="/var/www/moodletest/public/filter/tex/mimetex.darwin" class="form-control text-ltr" >\n
      <span class="text-danger">✘</span>\n
      </div>\n
      </div>\n
      <div class="form-defaultinfo text-muted text-ltr">Default: Empty</div>\n
      <div class="form-description mt-3"><p>Help Path</p>\n
      </div>\n
      \n
      </div>\n
      </div>' matches PCRE pattern "/class="text-success"/".
      /var/www/moodletest/public/lib/tests/admintree_test.php:180
      /var/www/moodletest/public/lib/phpunit/classes/advanced_testcase.php:80
      To re-run:
      vendor/bin/phpunit "core_admintree_testcase" lib/tests/admintree_test.php

      There appear to be five files, after MDL-26623, that still have u+x set in the git repository:

      ./filter/tex/mimetex.freebsd
      ./filter/tex/mimetex.linux
      ./filter/tex/mimetex.exe
      ./filter/tex/mimetex.darwin
      ./filter/algebra/algebra2tex.pl

      These are files that were mentioned in MDL-4168.

      My questions are these:

      1. Are these the only files within the code repository that Moodle expects to be executable? If yes, where should that be documented? (Security recommendations would seem to be one place; installation might be another).
      2. Given that the Algebra filter is apparently deprecated in favor of MathJax, should it be executable by default?
      3. Given that mimetex is a fallback in favor of other, external LaTex renderers, to say nothing of MathJax, should it be executable by default?
      4. Should there be a unit test capturing the state of 2 and 3? It's a little weird that the test_admin_setting_configexecutable test trips on mimetex and not algebra2tex, although the latter does ship the filter/algebra/algebradebug.php script that reports on permissions.
      5. Should the existing unit test in test_admin_setting_configexecutable be extended with an explicit check for Linux and FreeBSD, assuming $CFG->ostype supports them (I'm not familiar with the constant)?

       

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            cfulton Charles Fulton
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: