This will limit scalability, but can work with low request rates.
However, there is an inherent danger to using arbitrary email
addresses from the internet in a shell command line.

Depending on how the commands are run, there may be shell command
injection opportunities when an email address contains semicolon,
backslash, quote, or other special characters. Postfix does not
allow addresses that start with '-'.

On 01.07.21 14:18, Kevin N. wrote:
That's what I was afraid of.

The script is a Python script and it is executed as user nobody through Postfix's spawn service, whenever check_policy_service needs it.

From what I can see postconf and postmap are called using Python's subprocess.Popen, like so:

subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, encoding='utf-8', shell=False)

where:

args = ['/usr/sbin/postconf', '-xh', 'virtual_alias_maps']

and

args = ['/usr/sbin/postmap', '-q', 'recipient@from-postfix-check-policy-service-call', 'hash:/etc/postfix/virtual_aliases']


With shell=False and assuming that Python doesn't have some nasty bug in this area, is it safe to assume that shell command injection would not be possible in this case?

By the way, can you tell us what exactly the policy service does?

I was curious if I could do a script that would do the same, with the same
possible issues.

I can do Perl, but it looks like neither Python nor Perl has an interface to Postfix
that could, e.g., expand maps without calling external commands.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.
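To make the shell=False point from Kevin's question concrete, here is an added example (not code from the thread or from Postfix) that builds the same `postmap -q` argv list, refuses the leading '-' case the thread mentions, and substitutes an argv-echoing child for postmap so the test can run without Postfix installed. The `build_postmap_query` and `run_argv` names, the control-character check and the hostile-looking sample address are all this example's own; the postmap path and map name are the ones quoted above.

```python
import json
import subprocess
import sys

# Constructed sample (not from the thread). The "payload" is harmless: a shell
# that parses it would simply run "echo INJECTED" after the echo of the address.
HOSTILE_ADDRESS = "alice@example.com; echo INJECTED"


def build_postmap_query(address, map_spec="hash:/etc/postfix/virtual_aliases",
                        postmap="/usr/sbin/postmap"):
    """Build the argv list for `postmap -q <address> <map>`.

    The argv form is what the thread uses; the validation is this example's.
    """
    if not address:
        raise ValueError("empty address")
    if address.startswith("-"):
        # Postfix itself rejects such addresses; refusing them here also means
        # a lookup key can never be parsed by postmap as a command-line option.
        raise ValueError("address must not start with '-'")
    if any(ch in address for ch in "\0\r\n"):
        raise ValueError("control characters are not allowed in an address")
    return [postmap, "-q", address, map_spec]


def run_argv(args):
    """Run an argv list with shell=False; every element reaches the child unchanged."""
    proc = subprocess.run(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                          encoding="utf-8", shell=False)
    return proc.returncode, proc.stdout


def child_argv_with_shell_false(address):
    """Show exactly what a child receives: swap postmap for a child that echoes argv."""
    echo_child = [sys.executable, "-c",
                  "import sys, json; print(json.dumps(sys.argv[1:]))"]
    args = build_postmap_query(address)
    _, out = run_argv(echo_child + args[1:])  # keep postmap's arguments, drop its path
    return json.loads(out)


def unsafe_shell_string(address):
    """The pattern the thread warns about: the address spliced into a shell command line.

    Uses `echo` instead of postmap so the demonstration stays harmless and offline.
    """
    proc = subprocess.run("echo " + address, shell=True,
                          stdout=subprocess.PIPE, encoding="utf-8")
    return proc.stdout.splitlines()


if __name__ == "__main__":
    print("shell=False child argv:", child_argv_with_shell_false(HOSTILE_ADDRESS))
    print("shell=True output lines:", unsafe_shell_string(HOSTILE_ADDRESS))
```

With shell=False the whole hostile string arrives as a single argv element, so the semicolon is just a character in the lookup key; only when the address is concatenated into a shell string does the second command run. The remaining risk is option parsing by the child, which is why the leading '-' check mirrors the Postfix rule quoted earlier in the thread.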
