From: Heiko Schlittermann (HS12) Date: Mon, 6 Apr 2015 21:29:33 +0000 (+0200) Subject: Testsuite: check the TRUSTED_CONFIG_LIST content X-Git-Tag: exim-4_86_RC1~64 X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/32ca7e2d3443b12a06aa0ae6bd21bfa8c27d031a?ds=sidebyside Testsuite: check the TRUSTED_CONFIG_LIST content The testsuite relies on trusted configs. Exim needs to be compiled with the TRUSTED_CONFIG_LIST option. The file mentioned in the TRUSTED_CONFIG_LIST needs to meet several conditions.
---
diff --git a/test/runtest b/test/runtest
index 0a2ede9ef..4247f8c53 100755
--- a/test/runtest
+++ b/test/runtest
@@ -2405,12 +2405,13 @@ symlink("$parm_cwd/confs/0000", "$parm_cwd/test-config")
 print("Probing with config file: $parm_cwd/test-config\n");
 open(EXIMINFO, "$parm_exim -d -C $parm_cwd/test-config -DDIR=$parm_cwd " .
- "-bP exim_user exim_group|") ||
+ "-bP exim_user exim_group 2>&1|") ||
 die "** Cannot run $parm_exim: $!\n";
 while()
 {
 $parm_eximuser = $1 if /^exim_user = (.*)$/;
 $parm_eximgroup = $1 if /^exim_group = (.*)$/;
+ $parm_trusted_config_list = $1 if /^TRUSTED_CONFIG_LIST:.*?"(.*?)"$/;
 }
 close(EXIMINFO);
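Review bot: With `2>&1` added to the probe command, all `-d` debug output now runs through the same loop as the `-bP` answers, and nothing in the hunk records why. A comment above the `open`, such as `# TRUSTED_CONFIG_LIST is only printed in the -d debug output, so merge stderr into the pipe`, would document it (the stderr origin is inferred from the change, not shown on the page). The `exim_user` and `exim_group` patterns are anchored only on `^name = `, so a debug line of that shape would silently replace the real value. The result of `close(EXIMINFO)` is not checked, so a failed probe leaves `$parm_trusted_config_list` undefined and surfaces later as the "seems to be empty?" error from the second hunk.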
@@ -2433,6 +2434,34 @@ if (defined $parm_eximgroup)
 else { $parm_exim_gid = getgrnam($parm_eximgroup); }
 }
+# check the permissions on the TRUSTED_CONFIG_LIST
+if (defined $parm_trusted_config_list)
+ {
+ die "TRUSTED_CONFIG_LIST: $parm_trusted_config_list: $!\n"
+ if not -f $parm_trusted_config_list;
+
+ die "TRUSTED_CONFIG_LIST $parm_trusted_config_list must not be world writable!\n"
+ if 02 & (stat _)[2];
+
+ die sprintf "TRUSTED_CONFIG_LIST: $parm_trusted_config_list %d is group writable, but not owned by group '%s' or '%s'.\n",
+ (stat _)[1],
+ scalar(getgrgid 0), scalar(getgrgid $>)
+ if (020 & (stat _)[2]) and not ((stat _)[5] == $> or (stat _)[5] == 0);
+
+ die sprintf "TRUSTED_CONFIG_LIST: $parm_trusted_config_list is not owned by user '%s' or '%s'.\n",
+ scalar(getpwuid 0), scalar(getpwuid $>)
+ if (not (-o _ or (stat _)[4] == 0));
+
+ open(TCL, $parm_trusted_config_list) or die "Can't open $parm_trusted_config_list: $!\n";
+ my $test_config = getcwd() . '/test-config';
+ die "Can't find '$test_config' in TRUSTED_CONFIG_LIST $parm_trusted_config_list."
+ if not grep { /^$test_config$/ } ;
+ }
+else
+ {
+ die "Unable to check the TRUSTED_CONFIG_LIST, seems to be empty?\n";
+ }
+
 open(EXIMINFO, "$parm_exim -bV -C $parm_cwd/test-config -DDIR=$parm_cwd |") ||
 die "** Cannot run $parm_exim: $!\n";
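Review bot: The group-writable test compares the file's gid, `(stat _)[5]`, with `$>`, which in Perl is the effective user id, and the message passes the same `$>` to `getgrgid`, so the check is only right where uid and gid happen to be equal. Comparing with the effective gid, e.g. `and not ((stat _)[5] == $) + 0 or (stat _)[5] == 0);` with `getgrgid($) + 0)` in the message, would match what the error text says. The `%d` in that message is fed `(stat _)[1]`, the inode number, which looks unintended. Separately, `/^$test_config$/` interpolates a filesystem path into a regex unescaped, so a `.` or `+` in the working directory changes what matches; `/^\Q$test_config\E$/` avoids that. `open(TCL, $parm_trusted_config_list)` is a two-argument open on a path parsed from program output, and `open(TCL, '<', $parm_trusted_config_list)` keeps the mode fixed.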