From 2447861913835637bbf49d96728ce9ac6ab0ae22 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 23 Feb 2022 22:30:45 +0100 Subject: interimap, pullimap: Ensure DB and statefiles are created with mode 0600. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It wasn't the case for interimap(1), see https://bugs.debian.org/608604 … Fortunately we create $XDG_DATA_HOME/interimap with a secure mode, but there is no reason to have the DB world-readable. Since we can't rely on SQLITE_OPEN_CREATE for secure mode we use sysopen(,,O_CREAT,0600). --- tests/run | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tests/run') diff --git a/tests/run b/tests/run index 230ca83..eed77df 100755 --- a/tests/run +++ b/tests/run @@ -228,13 +228,16 @@ _interimap_cmd() { } interimap_init() { local u="${1-remote}" - local db="$XDG_DATA_HOME/interimap/$u.db" + local db="$XDG_DATA_HOME/interimap/$u.db" st local cfg="config${u#remote}" test \! -e "$db" || error "Database already exists" 1 interimap --config "$cfg" || error "Couldn't initialize interimap" 1 test -f "$db" || error "Database is still missing" 1 grep -Fx "Creating new schema in database file $db" <"$STDERR" || error "DB wasn't created" 1 + if ! st="$(stat -c"%#a" -- "$db")" || [ "$st" != "0600" ]; then + error "$db has mode $st != 0600" 1 + fi } doveadm() { if [ $# -le 2 ] || [ "$1" != "-u" ]; then -- cgit v1.2.3