On Fri, Nov 30, 2012 at 11:41 PM, Wietse Venema <wie...@porcupine.org> wrote:
> wimpunk:
>> On Fri, Nov 30, 2012 at 11:10 PM, Wietse Venema <wie...@porcupine.org> wrote:
>> > wimpunk:
>> >> Hi,
>> >>
>> >> I've been wondering why my .forward files didn't worked like I
>> >> expected and finally I found out dotforward doesn't accept linked
>> >> files. Is there any reason why dotforward doesn't read links? In
>> >> src/local/dotforward.c (line232 of the latest debian version) I wanted
>> >> to change
>> >
>> > What if the symlink points to /dev/zero or /dev/random?
>> >
>> > Wietse
>>
>> It would fail because the file would be world writable.
>
> Right, and your point is that all malicious symlinks under all
> user's home directories will always resolve to a world-writable
> file, so I should not have to worry about such things.
>
> Wietse
No, my point is that if it would point to /dev/zero or /dev/random, it
would fail because the file is world writable.
If you want to check on malicious links, postfix could verify if the
link it points to is a file with the correct features.
I believe there is no need for such check. If you're afraid of
malicious files, you better just disable the userforward feature.
People could write their own malicious files. There is actually not
that much difference between doing a cp or doing a ln, or at least not
from my point of view. I'm pretty much interested in what you
consider as a malicious file and why it should be considered as a much
bigger risk than using the normal dotforward files.
The reason I searched for this is because I just wanted to make my own
management easier. I had a .forward+a file which filtered the mail to
a specific folder in my mailbox. Because I wanted the mail send to
${user}+b and ${user}+c handled the same way, I created a link named
.forward+b and .forward+c which pointed to .forward+a but as we know,
it didn't worked.
Regards,
wimpunk.
