18 September 2004
-SECURITY: previous versions of getmail contain a security vulnerability.
A local attacker with a shell account could exploit a race condition (or a
similar symlink attack) to cause getmail to create or overwrite files in a
directory of the local user's choosing if the system administrator ran getmail
as root and delivered messages to a maildir or mbox file under the control of
the attacker, resulting in a local root exploit. Fixed in versions 4.2.0
This vulnerability is not exploitable if the administrator does not deliver
mail to the maildirs/mbox files of untrusted local users, or if getmail is
configured to use an external unprivileged MDA. This vulnerability is
not remotely exploitable.
Thanks: David Watson. My gratitude to David for his work on finding and
analyzing this problem.
-Now, on Unix-like systems when run as root, getmail forks a child
process and drops privileges before delivering to maildirs or mbox files.
getmail will absolutely refuse to deliver to such destinations as root;
the uid to switch to must be configured in the getmailrc file.
-revert behaviour regarding delivery to non-existent mbox files. Versions
4.0.0 through 4.1.5 would create the mbox file if it did not exist; in
versions 4.2.0 and up, getmail reverts to the v.3 behaviour of refusing
to do so.
renamed ebuild works.
Steps to Reproduce:
net-mail please confirm and provide updated ebuild if necessary.
The ebuild for 4.2.0 now in CVS portage.
archs, please mark stable.
My summary wasn't as precise as i could be:
"Fixed in versions 4.2.0 and 3.2.5."
If getmail-3 should remain in the tree then bump to 3.2.5.
We intended to remove getmail-3 from portage as soon as 4.0.2-r2 gets stable. As 4.2.0 will hopefully get marked stable soon, I'll remove -3 after that.
marked 4.20 ppc
If i need to mark every version stable from 3.2.5 till there please let me know (rather not but hey :-) )
Stable on x86
Stable on alpha.
stable on amd64
As 4.2.0 is stable on all arches set for it, I'm finally removing all getmail-3 ebuilds.