Mark Sapiro pushed to branch master at GNU Mailman / Mailman Core
Commits: e8f019fe by Mark Sapiro at 2021-07-22T03:16:44+00:00 Refuse to run mailman as root without --run_as_root option. - - - - - 407036f6 by Mark Sapiro at 2021-07-22T03:16:45+00:00 Merge branch 'mm' into 'master' Refuse to run mailman as root without --run_as_root option. Closes #920 and #776 See merge request mailman/mailman!894 - - - - - 3 changed files: - src/mailman/bin/mailman.py - src/mailman/bin/tests/test_mailman.py - src/mailman/docs/NEWS.rst Changes: ===================================== src/mailman/bin/mailman.py ===================================== @@ -16,6 +16,7 @@ # GNU Mailman. If not, see <https://www.gnu.org/licenses/>. """The 'mailman' command dispatcher.""" +import os import click from mailman.commands.cli_help import help as help_command @@ -103,6 +104,12 @@ def initialize_config(ctx, param, value): MAILMAN_CONFIG_FILE is consulted and used if set. If neither are given, a default configuration file is loaded."""), is_eager=True, callback=initialize_config) +@click.option( + '--run-as-root', + is_flag=True, default=False, + help=_("""\ + Running mailman commands as root is not recommended and mailman will + refuse to run as root unless this option is specified.""")) @click.group( cls=Subcommands, context_settings=dict(help_option_names=['-h', '--help']), @@ -110,13 +117,17 @@ def initialize_config(ctx, param, value): @click.pass_context @click.version_option(MAILMAN_VERSION_FULL, message='%(version)s') @public -def main(ctx, config_file): +def main(ctx, config_file, run_as_root): # XXX https://github.com/pallets/click/issues/303 """\ The GNU Mailman mailing list management system Copyright 1998-2018 by the Free Software Foundation, Inc. http://www.list.org """ + # Only run as root if allowed. + if os.geteuid() == 0 and not run_as_root: + raise click.UsageError(_("""\ + If you are sure you want to run as root, specify --run-as-root.""")) # click handles dispatching to the subcommand via the Subcommands class. if ctx.invoked_subcommand is None: ctx.invoke(help_command) ===================================== src/mailman/bin/tests/test_mailman.py ===================================== @@ -33,6 +33,10 @@ from mailman.utilities.modules import add_components from unittest.mock import patch +def mock_euid(): + return 0 + + class TestMailmanCommand(unittest.TestCase): layer = ConfigLayer @@ -111,3 +115,20 @@ class TestMailmanCommand(unittest.TestCase): # The volume and number haven't changed. self.assertEqual(mlist.volume, 5) self.assertEqual(mlist.next_digest_number, 3) + + @patch('mailman.bin.mailman.initialize') + @patch('os.geteuid', mock_euid) + def test_wont_run_as_root(self, mock): + result = self._command.invoke(main) + self.assertIn( + 'Error: If you are sure you want to run as root, ' + 'specify --run-as-root.', + result.output) + self.assertNotEqual(result.exit_code, 0) + + @patch('mailman.bin.mailman.initialize') + @patch('os.geteuid', mock_euid) + def test_will_run_as_root_with_option(self, mock): + result = self._command.invoke(main, ('--run-as-root')) + self.assertNotIn('Error:', result.output) + self.assertEqual(result.exit_code, 0) ===================================== src/mailman/docs/NEWS.rst ===================================== @@ -99,6 +99,8 @@ Command line (Closes #861) * The ``notify`` subcommand now handles unicode errors in decoding RFC 2047 encoded subject headers. (Closes #915) +* The ``mailman`` command will refuse to run as root unless the new + ``--run-as-root`` option is specified. (Closes #776 and #920) REST ---- View it on GitLab: https://gitlab.com/mailman/mailman/-/compare/03ca640e87d2ca72f0208a1105eccaad1076049d...407036f6cc5895609c015b79c0f5026c16e9d952 -- View it on GitLab: https://gitlab.com/mailman/mailman/-/compare/03ca640e87d2ca72f0208a1105eccaad1076049d...407036f6cc5895609c015b79c0f5026c16e9d952 You're receiving this email because of your account on gitlab.com.
_______________________________________________ Mailman-checkins mailing list -- mailman-checkins@python.org To unsubscribe send an email to mailman-checkins-le...@python.org https://mail.python.org/mailman3/lists/mailman-checkins.python.org/ Member address: arch...@jab.org
