Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68307

Improve documentation and testing around executables in Moodle



    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.9
    • None
    • Filters, Installation
    • None


      I've hardened a test Moodle installation per https://docs.moodle.org/38/en/Security_recommendations#Most_secure.2Fparanoid_file_permissions and noted that I'm now seeing a variation of MDL-54635:

      2) core_admintree_testcase::test_admin_setting_configexecutable
      Failed asserting that '<div class="form-item row" id="admin-test1">\n
      <div class="form-label col-sm-3 text-sm-right">\n
      <label for="id_s__test1">\n
      Text 1\n
      <span class="form-shortname d-block small text-muted">test1</span>\n
      <div class="form-setting col-sm-9">\n
      <div class="form-file defaultsnext">\n
      <div class="form-inline">\n
      <input type="text" name="s_test1" id="id_s_test1" size="50" value="/var/www/moodletest/public/filter/tex/mimetex.darwin" class="form-control text-ltr" >\n
      <span class="text-danger">✘</span>\n
      <div class="form-defaultinfo text-muted text-ltr">Default: Empty</div>\n
      <div class="form-description mt-3"><p>Help Path</p>\n
      </div>' matches PCRE pattern "/class="text-success"/".
      To re-run:
      vendor/bin/phpunit "core_admintree_testcase" lib/tests/admintree_test.php

      There appear to be five files, after MDL-26623, that still have u+x set in the git repository:


      These are files that were mentioned in MDL-4168.

      My questions are these:

      1. Are these the only files within the code repository that Moodle expects to be executable? If yes, where should that be documented? (Security recommendations would seem to be one place; installation might be another).
      2. Given that the Algebra filter is apparently deprecated in favor of MathJax, should it be executable by default?
      3. Given that mimetex is a fallback in favor of other, external LaTex renderers, to say nothing of MathJax, should it be executable by default?
      4. Should there be a unit test capturing the state of 2 and 3? It's a little weird that the test_admin_setting_configexecutable test trips on mimetex and not algebra2tex, although the latter does ship the filter/algebra/algebradebug.php script that reports on permissions.
      5. Should the existing unit test in test_admin_setting_configexecutable be extended with an explicit check for Linux and FreeBSD, assuming $CFG->ostype supports them (I'm not familiar with the constant)?






            Unassigned Unassigned
            cfulton Charles Fulton
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
            3 Vote for this issue
            5 Start watching this issue