Matthias Andree:
> On 11.06.2017 at 20:50, Wietse Venema wrote:
> > Philip Paeps:
> >> On 2017-06-11 14:07:36 (-0400), Wietse Venema wrote:
> >>> Oh, and it will of course open a DB_CONFIG file in whatever happens to
> >>> be the super-user's cwd when they invoke the postmap or postalias
> >>>
On 11.06.2017 at 20:50, Wietse Venema wrote:
> Philip Paeps:
>> On 2017-06-11 14:07:36 (-0400), Wietse Venema wrote:
>>> Oh, and it will of course open a DB_CONFIG file in whatever happens to
>>> be the super-user's cwd when they invoke the postmap or postalias
>>> command, so this is not just
> Oh, and it will of course open a DB_CONFIG file in whatever happens
> to be the super-user's cwd when they invoke the postmap or postalias
> command, so this is not just a matter of set-gid Postfix commands.
>
> Although opening a DB_CONFIG file in the current directory is
> undocumented, there
Philip Paeps:
> On 2017-06-11 14:07:36 (-0400), Wietse Venema wrote:
> >Oh, and it will of course open a DB_CONFIG file in whatever happens to
> >be the super-user's cwd when they invoke the postmap or postalias
> >command, so this is not just a matter of set-gid Postfix commands.
> >
> >[...]
>
On 2017-06-11 14:07:36 (-0400), Wietse Venema wrote:
Oh, and it will of course open a DB_CONFIG file in whatever happens to
be the super-user's cwd when they invoke the postmap or postalias
command, so this is not just a matter of set-gid Postfix commands.
[...]
-if ((errno = db->set_c
Scott Kitterman:
> >Postfix daemons run with cwd == /var/spool/postfix which is writable
> >only by root. So that is safe.
> >
> >Set-gid Postfix non-daemon programs will eventually chdir() to
> >/var/spool/postfix, but it is possible that PAM or NSS opens a db
> >file before that time, or that pos
On June 10, 2017 9:35:38 PM EDT, wie...@porcupine.org wrote:
>Wietse Venema:
>> Scott Kitterman:
>> > It would be nice to get a read from the Postfix developers if this issue
>> > recently reported to oss-security [1] is relevant to Postfix on systems with
>> > support for Berkeley DB databas
Wietse Venema:
> Scott Kitterman:
> > It would be nice to get a read from the Postfix developers if this issue
> > recently reported to oss-security [1] is relevant to Postfix on systems with
> > support for Berkeley DB databases?
>
> Set-[ug]id privilege escalation with environment setting
Scott Kitterman:
> It would be nice to get a read from the Postfix developers if this issue
> recently reported to oss-security [1] is relevant to Postfix on systems with
> support for Berkeley DB databases?
Set-[ug]id privilege escalation with environment settings that
modify the behavior of a
It would be nice to get a read from the Postfix developers if this issue
recently reported to oss-security [1] is relevant to Postfix on systems with
support for Berkeley DB databases?
Scott K
[1] http://www.openwall.com/lists/oss-security/2017/06/10/1