On Thu, Dec 04, 2014 at 02:42:41PM +0200, Heikki Linnakangas wrote:
> On 10/06/2014 04:21 PM, Heikki Linnakangas wrote:
> >This probably needs some further cleanup before it's ready for
> >committing. One issues is that it creates a temporary cluster that
> >listens for TCP connections on localhost, which isn't safe on a
> >multi-user system.
>
> This issue remains. There isn't much we can do about it; SSL doesn't work
> over Unix domain sockets. We could make it work, but that's a whole
> different feature.
A large subset of the test suite could be made secure. Omit or lock down
"trustdb", and skip affected tests. (Perhaps have an --unsafe-tests option to
reactivate them.) Instead of distributing frozen keys, generate all keys
on-demand. Ensure that key files have secure file modes from the start.
Having said that, ...
> How do people feel about including this test suite in the source tree? It's
> probably not suitable for running as part of "make check-world", but it's
> extremely handy if you're working on a patch related to SSL. I'd like to
> commit this, even if it has some rough edges. That way we can improve it
> later, rather than have it fall into oblivion. Any objections?
... +1 for having this suite in the tree, even if check-world ignores it.
Echoing Tom's comment, the README should mention its security weakness.
Thanks,
nm