Thanks also, Bart, for reminding me of the other approach (sorry, I am a bit distracted by home things at the moment). After some thought I think it makes sense to change to the umask approach anyway, as it is more efficient (fewer fork/execs), and also covers the case where the symlink exists but the target does not yet, which the tempfile approach missed.
Uploaded again, I hope that this is my last change of mind now :-) Thanks Nick
diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog --- nullmailer-1.11/debian/changelog 2012-06-16 16:36:28.000000000 +0100 +++ nullmailer-1.11/debian/changelog 2012-08-21 09:01:40.000000000 +0100 @@ -1,3 +1,9 @@ +nullmailer (1:1.11-2) unstable; urgency=low + + * Make 'remotes' not world-readable (Closes: #684619) + + -- Nick Leverton <n...@leverton.org> Tue, 21 Aug 2012 09:01:38 +0100 + nullmailer (1:1.11-1) unstable; urgency=low * New upstream release diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst --- nullmailer-1.11/debian/postinst 2012-05-16 08:25:36.000000000 +0100 +++ nullmailer-1.11/debian/postinst 2012-08-21 09:07:21.000000000 +0100 @@ -24,6 +24,15 @@ fi db_get nullmailer/relayhost + # securely create nullmailer/remotes with mode 0600 + if [ ! -e /etc/nullmailer/remotes ] + then + M=$( umask ) + umask 077 + > /etc/nullmailer/remotes + chown mail:mail /etc/nullmailer/remotes + umask $M + fi echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \ -e 's/[[:space:]]*:[[:space:]]*/\n/g' \ -e ':b s/(\[[^]=]*)=/\1:/; tb' \
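Review bot: In the postinst hunk the guard `if [ ! -e /etc/nullmailer/remotes ]` means the 0600 mode is only applied when the file is being created, so on an upgrade where `/etc/nullmailer/remotes` already exists (every installation affected by #684619) the whole block is skipped and the file keeps its old, world-readable mode; the changelog entry "Make 'remotes' not world-readable" is then only true for fresh installs. Consider tightening the existing file as well, e.g. an unconditional `chmod 0600 /etc/nullmailer/remotes` after the `fi`, so that the `chown mail:mail` and the mode apply in both cases. Minor style point: the `M=$( umask )` ... `umask $M` save/restore can be replaced by doing the creation in a subshell, `( umask 077; > /etc/nullmailer/remotes )`, which restores the caller's umask automatically and avoids the temporary variable.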