Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 162102 Details for
Bug 232642
mail-mta/postfix Insufficient mailbox owner/symlink checks (CVE-2008-2936, CVE-2008-2937)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
postfix-2.5.3-CVE-2008-2936.patch
postfix-2.5.3-CVE-2008-2936.patch (text/plain), 1.84 KB, created by
Tobias Scherbaum (RETIRED)
on 2008-08-03 14:46:34 UTC
(
hide
)
Description:
postfix-2.5.3-CVE-2008-2936.patch
Filename:
MIME Type:
Creator:
Tobias Scherbaum (RETIRED)
Created:
2008-08-03 14:46:34 UTC
Size:
1.84 KB
patch
obsolete
>diff -Naur postfix-2.5.3.orig/src/util/safe_open.c postfix-2.5.3/src/util/safe_open.c >--- postfix-2.5.3.orig/src/util/safe_open.c 2006-06-05 01:04:49.000000000 +0200 >+++ postfix-2.5.3/src/util/safe_open.c 2008-08-03 16:42:10.882440950 +0200 >@@ -83,6 +83,7 @@ > #include <msg.h> > #include <vstream.h> > #include <vstring.h> >+#include <stringops.h> > #include <safe_open.h> > > /* safe_open_exist - open existing file */ >@@ -138,13 +139,30 @@ > * for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks > * owned by a non-root user. This would open a security hole when > * delivering mail to a world-writable mailbox directory. >+ * >+ * The semantics of link(symlink, target) has changed over time. >+ * Traditionally, UNIX systems hardlink the target of the symlink. >+ * However, some systems hardlink the symlink itself. The latter behavior >+ * was introduced with Solaris 2.0, and with Linux kernel 2.0. Sebastian >+ * Krahmer of SuSE found that hardlinks to symlinks could be used to >+ * append mail for root to a sensitive file. For this reason, we not >+ * only require that a symlink is owned by root, but we now also require >+ * that its parent directory is writable only by root. > */ > else if (lstat(path, &lstat_st) < 0) { > vstring_sprintf(why, "file status changed unexpectedly: %m"); > errno = EPERM; > } else if (S_ISLNK(lstat_st.st_mode)) { >- if (lstat_st.st_uid == 0) >- return (fp); >+ if (lstat_st.st_uid == 0) { >+ struct stat parent_st; >+ const char *parent; >+ >+ parent = sane_dirname((VSTRING *) 0, path); >+ if (stat(parent, &parent_st) == 0 /* real parent */ >+ && parent_st.st_uid == 0 >+ && (parent_st.st_mode & (S_IWGRP | S_IWOTH)) == 0) >+ return (fp); >+ } > vstring_sprintf(why, "file is a symbolic link"); > errno = EPERM; > } else if (fstat_st->st_dev != lstat_st.st_dev
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 232642
:
161331
|
161366
|
161368
|
161569
|
161570
|
161572
|
162101
| 162102