rpms/postfix/F-8 postfix-CVE-2008-2936.patch, NONE, 1.1 postfix.spec, 1.58, 1.59
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Thu Aug 14 13:56:18 UTC 2008
Author: twoerner
Update of /cvs/pkgs/rpms/postfix/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11707
Modified Files:
postfix.spec
Added Files:
postfix-CVE-2008-2936.patch
Log Message:
- fixed postfix privilege problem with symlinks in the mail spool directory
(CVE-2008-2936) (rhbz#459099)
postfix-CVE-2008-2936.patch:
--- NEW FILE postfix-CVE-2008-2936.patch ---
*** postfix/src/util/safe_open.c.orig Sun Jun 4 19:04:49 2006
- --- postfix/src/util/safe_open.c Mon Aug 4 16:47:18 2008
***************
*** 83,88 ****
- --- 83,89 ----
#include <msg.h>
#include <vstream.h>
#include <vstring.h>
+ #include <stringops.h>
#include <safe_open.h>
/* safe_open_exist - open existing file */
***************
*** 138,150 ****
* for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks
* owned by a non-root user. This would open a security hole when
* delivering mail to a world-writable mailbox directory.
*/
else if (lstat(path, &lstat_st) < 0) {
vstring_sprintf(why, "file status changed unexpectedly: %m");
errno = EPERM;
} else if (S_ISLNK(lstat_st.st_mode)) {
! if (lstat_st.st_uid == 0)
! return (fp);
vstring_sprintf(why, "file is a symbolic link");
errno = EPERM;
} else if (fstat_st->st_dev != lstat_st.st_dev
- --- 139,167 ----
* for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks
* owned by a non-root user. This would open a security hole when
* delivering mail to a world-writable mailbox directory.
+ *
+ * Sebastian Krahmer of SuSE brought to my attention that some systems have
+ * changed their semantics of link(symlink, newpath), such that the
+ * result is a hardlink to the symlink. For this reason, we now also
+ * require that the symlink's parent directory is writable only by root.
*/
else if (lstat(path, &lstat_st) < 0) {
vstring_sprintf(why, "file status changed unexpectedly: %m");
errno = EPERM;
} else if (S_ISLNK(lstat_st.st_mode)) {
! if (lstat_st.st_uid == 0) {
! VSTRING *parent_buf = vstring_alloc(100);
! const char *parent_path = sane_dirname(parent_buf, path);
! struct stat parent_st;
! int parent_ok;
!
! parent_ok = (stat(parent_path, &parent_st) == 0 /* not lstat */
! && parent_st.st_uid == 0
! && (parent_st.st_mode & (S_IWGRP | S_IWOTH)) == 0);
! vstring_free(parent_buf);
! if (parent_ok)
! return (fp);
! }
vstring_sprintf(why, "file is a symbolic link");
errno = EPERM;
} else if (fstat_st->st_dev != lstat_st.st_dev
Index: postfix.spec
===================================================================
RCS file: /cvs/pkgs/rpms/postfix/F-8/postfix.spec,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- postfix.spec 4 Oct 2007 13:39:00 -0000 1.58
+++ postfix.spec 14 Aug 2008 13:55:48 -0000 1.59
@@ -39,7 +39,7 @@
Name: postfix
Summary: Postfix Mail Transport Agent
Version: 2.4.5
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 2
Group: System Environment/Daemons
URL: http://www.postfix.org
@@ -80,6 +80,7 @@
Patch8: postfix-large-fs.patch
Patch9: postfix-2.4.0-cyrus.patch
Patch10: postfix-2.4.5-open_define.patch
+Patch11: postfix-CVE-2008-2936.patch
# Optional patches - set the appropriate environment variables to include
# them when building the package/spec file
@@ -138,6 +139,7 @@
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
%patch10 -p1 -b .open_define
+%patch11 -p1 -b .CVE-2008-2936
%if %{PFLOGSUMM}
gzip -dc %{SOURCE53} | tar xf -
@@ -466,6 +468,10 @@
%changelog
+* Thu Aug 14 2008 Thomas Woerner <twoerner at redhat.com> 2:2.4.5-3
+- fixed postfix privilege problem with symlinks in the mail spool directory
+ (CVE-2008-2936) (rhbz#459099)
+
* Thu Oct 4 2007 Thomas Woerner <twoerner at redhat.com> 2:2.4.5-2
- made init script lsb conform (#243286, rhbz#247025)
- added link to postfix sasl readme into Postfix-SASL-RedHat readme
More information about the fedora-extras-commits
mailing list