rpms/postfix/F-9 postfix-CVE-2008-2936.patch, NONE, 1.1 postfix.spec, 1.66, 1.67

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Thu Aug 14 14:03:09 UTC 2008


Author: twoerner

Update of /cvs/pkgs/rpms/postfix/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18977

Modified Files:
	postfix.spec 
Added Files:
	postfix-CVE-2008-2936.patch 
Log Message:
- fixed postfix privilege problem with symlinks in the mail spool directory
  (CVE-2008-2936) (rhbz#459100)



postfix-CVE-2008-2936.patch:

--- NEW FILE postfix-CVE-2008-2936.patch ---

*** postfix/src/util/safe_open.c.orig	Sun Jun  4 19:04:49 2006
- --- postfix/src/util/safe_open.c	Mon Aug  4 16:47:18 2008
***************
*** 83,88 ****
- --- 83,89 ----
  #include <msg.h>
  #include <vstream.h>
  #include <vstring.h>
+ #include <stringops.h>
  #include <safe_open.h>
  
  /* safe_open_exist - open existing file */
***************
*** 138,150 ****
       * for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks
       * owned by a non-root user. This would open a security hole when
       * delivering mail to a world-writable mailbox directory.
       */
      else if (lstat(path, &lstat_st) < 0) {
  	vstring_sprintf(why, "file status changed unexpectedly: %m");
  	errno = EPERM;
      } else if (S_ISLNK(lstat_st.st_mode)) {
! 	if (lstat_st.st_uid == 0)
! 	    return (fp);
  	vstring_sprintf(why, "file is a symbolic link");
  	errno = EPERM;
      } else if (fstat_st->st_dev != lstat_st.st_dev
- --- 139,167 ----
       * for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks
       * owned by a non-root user. This would open a security hole when
       * delivering mail to a world-writable mailbox directory.
+      * 
+      * Sebastian Krahmer of SuSE brought to my attention that some systems have
+      * changed their semantics of link(symlink, newpath), such that the
+      * result is a hardlink to the symlink. For this reason, we now also
+      * require that the symlink's parent directory is writable only by root.
       */
      else if (lstat(path, &lstat_st) < 0) {
  	vstring_sprintf(why, "file status changed unexpectedly: %m");
  	errno = EPERM;
      } else if (S_ISLNK(lstat_st.st_mode)) {
! 	if (lstat_st.st_uid == 0) {
! 	    VSTRING *parent_buf = vstring_alloc(100);
! 	    const char *parent_path = sane_dirname(parent_buf, path);
! 	    struct stat parent_st;
! 	    int     parent_ok;
! 
! 	    parent_ok = (stat(parent_path, &parent_st) == 0	/* not lstat */
! 			 && parent_st.st_uid == 0
! 			 && (parent_st.st_mode & (S_IWGRP | S_IWOTH)) == 0);
! 	    vstring_free(parent_buf);
! 	    if (parent_ok)
! 		return (fp);
! 	}
  	vstring_sprintf(why, "file is a symbolic link");
  	errno = EPERM;
      } else if (fstat_st->st_dev != lstat_st.st_dev
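Review bot: A root-owned symlink that fails the new parent-directory test is still reported as "file is a symbolic link", so an administrator whose deliveries start failing after this update cannot tell from the message that the spool directory's ownership or mode is the cause. In the `lstat_st.st_uid == 0` branch, when `parent_ok` is false, I would set a distinct reason before `errno = EPERM`, for example `vstring_sprintf(why, "file is a root-owned symbolic link in a directory that is not writable by root only");`. The block comment should also state the limits of the check: it looks at the owner and the `S_IWGRP | S_IWOTH` bits of the immediate parent only, so ACLs or a writable ancestor directory are presumably not covered. It is worth a short why-comment on the `/* not lstat */` choice too, since following a symlinked parent is deliberate here. The enclosing function starts and ends outside this hunk, so the surrounding open/fstat logic was not reviewed.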



Index: postfix.spec
===================================================================
RCS file: /cvs/pkgs/rpms/postfix/F-9/postfix.spec,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- postfix.spec	24 May 2008 06:15:32 -0000	1.66
+++ postfix.spec	14 Aug 2008 14:02:38 -0000	1.67
@@ -40,7 +40,7 @@
 Name: postfix
 Summary: Postfix Mail Transport Agent
 Version: 2.5.1
-Release: 2%{?dist}.1
+Release: 3%{?dist}
 Epoch: 2
 Group: System Environment/Daemons
 URL: http://www.postfix.org
@@ -81,6 +81,7 @@
 Patch8: postfix-large-fs.patch
 Patch9: postfix-2.4.0-cyrus.patch
 Patch10: postfix-2.4.5-open_define.patch
+Patch11: postfix-CVE-2008-2936.patch
 
 # Optional patches - set the appropriate environment variables to include
 #                    them when building the package/spec file
@@ -139,6 +140,7 @@
 %patch8 -p1 -b .large-fs
 %patch9 -p1 -b .cyrus
 %patch10 -p1 -b .open_define
+%patch11 -p1 -b .CVE-2008-2936
 
 # resolve multilib conflict for makedefs.out: rename to makedefs.out-%{_arch}
 perl -pi -e "s/makedefs.out/makedefs.out-%{_arch}/g" conf/postfix-files Makefile.in */Makefile.in */*/Makefile.in HISTORY
@@ -480,6 +482,10 @@
 
 
 %changelog
+* Thu Aug 14 2008 Thomas Woerner <twoerner at redhat.com> 2:2.5.1-3
+- fixed postfix privilege problem with symlinks in the mail spool directory
+  (CVE-2008-2936) (rhbz#459100)
+
 * Mon May 19 2008 Dennis Gilmore <dennis at ausil.us> 2:2.5.1-2.1
 - rebuild for sparc
 



