Demi M. Obenour:
> On 10/5/20 6:15 PM, Wietse Venema wrote:
> > Demi M. Obenour:
> >> There was a recent vulnerability in OpenBSD due to libc malfunctioning
> >> in a set-uid-root program under very low resource limits. I would
> >> prefer to minimize the amount of third-party libraries that are used
> >> by postdrop. That said, another option would be to error out if the
> >> resource limits are below what we consider a reasonable minimum.
> >
> > Another good reason for not using set-uid root programs...
>
> Indeed.
>
> > I don't think it is practical for Postfix to have universal minimal
> > resource limits. You can add some custom OPENBSD code later.
>
> That makes sense. The OpenBSD vulnerability has been fixed, and was
> merely used as an example. No OpenBSD-specific code will be needed,
> at least not for this purpose.
>
> > Surprise: Postfix has a strip_addr() function that can remove address
> > extensions before enforcing the ACL.
>
> Good to know! That proved critical.
>
> >> Is the code in smtpd_check.c a good place to start?
> >
> > Yes. It also helps you to become familiar with Postfix's
> > approach to parsing.
>
> Indeed it was helpful. Thanks for the tip!
>
> Patch (made against 3.5.7) attached. I lightly tested it locally and
> it seems to work, but there could very well be bugs. I am virtually
> certain that I violated the Postfix coding style somewhere, sorry.
> I can also send the patch inline if you prefer.

I can read it. I'll try to massage the code later this week (instead of
a dozen back-and-forth email messages about awkward details).

    mail_addr_find -> maps_find
    "+" -> var_rcpt_delim
    allow 'not found' users, similar to smtpd_sender_login_maps
    put the new code inside its own function, avoiding gotos

	Wietse

> For what it is worth, I found the Postfix source code to be very clean
> and easy to read. Writing this patch probably took about four hours
> of work, which is significantly less than I expected for a non-trivial
> feature. Thank you for all the work you have put into Postfix!
>
> > Wietse
> Thank you,
>
> Demi