From 2447861913835637bbf49d96728ce9ac6ab0ae22 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 23 Feb 2022 22:30:45 +0100
Subject: interimap, pullimap: Ensure DB and statefiles are created with mode
 0600.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It wasn't the case for interimap(1), see https://bugs.debian.org/608604 …
Fortunately we create $XDG_DATA_HOME/interimap with a secure mode, but
there is no reason to have the DB world-readable.  Since we can't rely
on SQLITE_OPEN_CREATE for secure mode we use sysopen(,,O_CREAT,0600).
---
 tests/run | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'tests/run')

diff --git a/tests/run b/tests/run
index 230ca83..eed77df 100755
--- a/tests/run
+++ b/tests/run
@@ -228,13 +228,16 @@ _interimap_cmd() {
 }
 interimap_init() {
     local u="${1-remote}"
-    local db="$XDG_DATA_HOME/interimap/$u.db"
+    local db="$XDG_DATA_HOME/interimap/$u.db" st
     local cfg="config${u#remote}"
 
     test \! -e "$db"          || error "Database already exists" 1
     interimap --config "$cfg" || error "Couldn't initialize interimap" 1
     test -f "$db"             || error "Database is still missing" 1
     grep -Fx "Creating new schema in database file $db" <"$STDERR" || error "DB wasn't created" 1
+    if ! st="$(stat -c"%#a" -- "$db")" || [ "$st" != "0600" ]; then
+        error "$db has mode $st != 0600" 1
+    fi
 }
 doveadm() {
     if [ $# -le 2 ] || [ "$1" != "-u" ]; then
-- 
cgit v1.2.3