From 2447861913835637bbf49d96728ce9ac6ab0ae22 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 23 Feb 2022 22:30:45 +0100
Subject: interimap, pullimap: Ensure DB and statefiles are created with mode
 0600.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It wasn't the case for interimap(1), see https://bugs.debian.org/608604 …
Fortunately we create $XDG_DATA_HOME/interimap with a secure mode, but
there is no reason to have the DB world-readable.  Since we can't rely
on SQLITE_OPEN_CREATE for secure mode we use sysopen(,,O_CREAT,0600).
---
 tests/pullimap/t | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'tests/pullimap/t')

diff --git a/tests/pullimap/t b/tests/pullimap/t
index 0dfe634..7998cdc 100644
--- a/tests/pullimap/t
+++ b/tests/pullimap/t
@@ -6,6 +6,13 @@ step_start "\`pullimap --idle\` refuses to create the state file"
 ! pullimap --idle "remote" || error
 step_done
 
+step_start "\`pullimap\` creates statefile with mode 0600"
+pullimap "remote" || error
+if ! st="$(stat -c"%#a" -- "$XDG_DATA_HOME/pullimap/remote")" || [ "$st" != "0600" ]; then
+    error "$XDG_DATA_HOME/pullimap/remote has mode $st != 0600"
+fi
+step_done
+
 # compare mailboxes (can't compare the RFC 3501 TEXT as the LMTPd inconditionally
 # adds a Return-Path: header -- and also Delivered-To: and Received: to by default)
 list_mails_sha256() {
-- 
cgit v1.2.3