Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 161569 Details for
Bug 232642
mail-mta/postfix Insufficient mailbox owner/symlink checks (CVE-2008-2936, CVE-2008-2937)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
postfix-2.4.7-CVE-2008-2936.patch
postfix-2.4.7-CVE-2008-2936.patch (text/plain), 1.83 KB, created by
Robert Buchholz (RETIRED)
on 2008-07-28 19:33:59 UTC
(
hide
)
Description:
postfix-2.4.7-CVE-2008-2936.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-07-28 19:33:59 UTC
Size:
1.83 KB
patch
obsolete
>Index: postfix-2.4.7/src/util/safe_open.c >=================================================================== >--- postfix-2.4.7.orig/src/util/safe_open.c >+++ postfix-2.4.7/src/util/safe_open.c >@@ -83,6 +83,7 @@ > #include <msg.h> > #include <vstream.h> > #include <vstring.h> >+#include <stringops.h> > #include <safe_open.h> > > /* safe_open_exist - open existing file */ >@@ -138,13 +139,30 @@ static VSTREAM *safe_open_exist(const ch > * for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks > * owned by a non-root user. This would open a security hole when > * delivering mail to a world-writable mailbox directory. >+ * >+ * The semantics of link(symlink, target) has changed over time. >+ * Traditionally, UNIX systems hardlink the target of the symlink. >+ * However, some systems hardlink the symlink itself. The latter behavior >+ * was introduced with Solaris 2.0, and with Linux kernel 2.0. Sebastian >+ * Krahmer of SuSE found that hardlinks to symlinks could be used to >+ * append mail for root to a sensitive file. For this reason, we not >+ * only require that a symlink is owned by root, but we now also require >+ * that its parent directory is writable only by root. > */ > else if (lstat(path, &lstat_st) < 0) { > vstring_sprintf(why, "file status changed unexpectedly: %m"); > errno = EPERM; > } else if (S_ISLNK(lstat_st.st_mode)) { >- if (lstat_st.st_uid == 0) >- return (fp); >+ if (lstat_st.st_uid == 0) { >+ struct stat parent_st; >+ const char *parent; >+ >+ parent = sane_dirname((VSTRING *) 0, path); >+ if (stat(parent, &parent_st) == 0 /* real parent */ >+ && parent_st.st_uid == 0 >+ && (parent_st.st_mode & (S_IWGRP | S_IWOTH)) == 0) >+ return (fp); >+ } > vstring_sprintf(why, "file is a symbolic link"); > errno = EPERM; > } else if (fstat_st->st_dev != lstat_st.st_dev
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=161569">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 232642
:
161331
|
161366
|
161368
| 161569 |
161570
|
161572
|
162101
|
162102
