On 06 Sep 2018, at 12:19, Luc Pardon wrote:
> However, although symlinks inside the Postfix dirs were not needed in
> the past, that has changed by now. They have become necessary because
> OpenSSL needs them to find its certificates, so we can't just tell the
> admin to get rid of them.
The way
> On Sep 6, 2018, at 2:19 PM, Luc Pardon wrote:
>
> However, although symlinks inside the Postfix dirs were not needed in
> the past, that has changed by now. They have become necessary because
> OpenSSL needs them to find its certificates, so we can't just tell the
> admin to get rid of them.
On 05-09-18 18:18, Wietse Venema wrote:
> Luc Pardon:
>> The first question is obviously: can we disallow symlinks to the outside
>> world by definition? I'd say the answer is yes, but $(whoami) ?
>
> Here is some background on pathname safety.
>
Thanks for that. Also, the paper - at a first
Luc Pardon:
> The first question is obviously: can we disallow symlinks to the outside
> world by definition? I'd say the answer is yes, but $(whoami) ?
Here is some background on pathname safety.
A symlink is unsafe if it resolves to an unsafe pathname.
A pathname is unsafe is the target itself
On 05-09-18 15:04, Luc Pardon wrote:
> The Q&D shell scriptlet below my sig would probably do the trick
>
> ==
> #!/bin/sh
>
> # This would not be needed if integrated into postfix-script:
> BASE=$(postconf -hx config_directory | sed "s/\n$//")
>
> # Search fo
On 05-09-18 13:26, Wietse Venema wrote:
> Luc Pardon:
>> Hello,
>>
>> Running Postfix 3.3.1 under Linux, postfix-script produces pointless
>> warnings if/when there are symbolic links in or below $config_directory.
>
> The problem is that the symlink may point to any location including
> a file
Luc Pardon:
> Hello,
>
> Running Postfix 3.3.1 under Linux, postfix-script produces pointless
> warnings if/when there are symbolic links in or below $config_directory.
The problem is that the symlink may point to any location including
a file under an unsafe directory such as /var/tmp or /home/u
Hello,
Running Postfix 3.3.1 under Linux, postfix-script produces pointless
warnings if/when there are symbolic links in or below $config_directory.
1. I installed (CA root) certificates in a subdir of /etc/postfix and
rehash with "openssl rehash . This will of course create a
symlink to each cer
