From 5cf5ff4e55b031df19cec2dbadf17301eedca793 Mon Sep 17 00:00:00 2001
From: bwarsaw
Date: Wed, 24 Nov 1999 23:05:00 +0000
Subject: checkarchivedbs(): New permissions test which makes sure that archives/private//database is other 000.
---
 bin/check_perms | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'bin/check_perms')
diff --git a/bin/check_perms b/bin/check_perms
index e1b8908f2..db321f1a1 100755
--- a/bin/check_perms
+++ b/bin/check_perms
@@ -104,6 +104,26 @@ def checkarchives():
 print
+def checkarchivedbs():
+ # The archives/private/listname/database file must not be other readable
+ # or executable otherwise those files will be accessible when the archives
+ # are public. That may not be a horrible breach, but let's close this off
+ # anyway.
+ for dir in os.listdir(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR):
+ if dir[-5:] == '.mbox':
+ continue
+ dbdir = os.path.join(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR, dir, 'database')
+ mode = statmode(dbdir)
+ if mode & S_IRWXO:
+ STATE.ERRORS = STATE.ERRORS + 1
+ print dbdir, 'must be other 000'
+ if STATE.FIX:
+ print '(fixing)'
+ os.chmod(dbdir, mode & ~S_IRWXO)
+ else:
+ print
+
+
 def checkcgi():
 exes = os.listdir(mm_cfg.CGI_DIR)
 for f in exes:
@@ -177,6 +197,7 @@ if __name__ == '__main__':
 checkall()
 checkarchives()
+ checkarchivedbs()
 checkcgi()
 checkmail()
 checkadminpw()
-- 
cgit v1.2.3-70-g09d2
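Review bot: `mode = statmode(dbdir)` in checkarchivedbs() runs for every entry of PRIVATE_ARCHIVE_FILE_DIR that does not end in `.mbox`, with no check that a `database` entry exists beneath it. statmode is defined outside this hunk, so this is inferred, but if it is a plain stat wrapper, a list without an archive database yet, or a stray file in that directory, would raise and abort the script before checkcgi(), checkmail() and checkadminpw() run, leaving those permission checks unreported. Consider skipping missing paths with `if not os.path.exists(dbdir): continue` ahead of the stat call. The comment also says "database file" while the variable is named `dbdir`; a line stating that only the mode of the top-level `database` entry is tested and changed, not anything beneath it, would make the scope of the check clear.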