>> Therefore, while it may be possible to attempt to work around this
>> in Postfix, the only sensible solution is at the OS level.
>
> Alas, those linking restrictions are still disabled by default on a
> vanilla linux kernel (upstream rejected the patch to enable them), and
> on every non-linux
On 01/29/2018 03:31 PM, Viktor Dukhovni wrote:
>
> This issue affects a lot more than just Postfix, for example tar(1)
> when run as root will chown files to the owner listed in the archive
> metadata, and is almost certainly equally exposed.
I'm not 100% sure, but it looks like GNU tar will use
> On Jan 29, 2018, at 12:21 PM, Michael Orlitzky wrote:
>
> My question is, can't the $mail_owner -- who knows that this is going to
> take place eventually -- throw a hard link into the active queue that
> points to a sensitive file? Proof of concept:
>
> $ sudo su postfix -s /bin/sh -c 'ln
On 01/29/2018 12:25 PM, Joris (ideeel) wrote:
>
> Doesn't postfix use proxymap for that?
> http://www.postfix.org/proxymap.8.html
>
For what? I'm wondering whether or not the upgrade procedure is safe
w.r.t. the $mail_owner user.
On 01/28/2018 01:53 PM, Viktor Dukhovni wrote:
>
> You're not supposed to do this "by hand". Instead, when upgrading from
> source, run:
>
> # postfix set-permissions upgrade-configuration
>
How sensitive is the $mail_owner account? From what I gather, the
set-permissions script (which defe
On Sun, 28 Jan 2018, Wietse Venema wrote:
Please tell the maintainer that they need to run the command, not the
user.
Wietse,
I'll do this.
Thanks,
Rich
Rich Shepard:
> On Sun, 28 Jan 2018, Wietse Venema wrote:
>
> > You're not supposed to chown the files. That is part of the Postfix
> > installation/upgrade process. If you use some non-Postfix
> > installation/upgrade procedure, then that is broken.
>
> Wietse,
>
> Next upgrade I'll run the
On Sun, 28 Jan 2018, Wietse Venema wrote:
You're not supposed to chown the files. That is part of the Postfix
installation/upgrade process. If you use some non-Postfix
installation/upgrade procedure, then that is broken.
Wietse,
Next upgrade I'll run the set-permissions script.
Thanks,
Ri
On Sun, 28 Jan 2018, Viktor Dukhovni wrote:
When upgrading from an older postfix version, make sure the variables such as
html_directory and readme_directory in /etc/postfix/main.cf point to the new
location. These can also be fixed later, afterwards make sure to run:
postfix set-per
> On Jan 28, 2018, at 2:41 PM, Rich Shepard wrote:
>
> I use the SlackBuilds.org build script (as I do for all my installations
> and upgrades).
Please file a bug report for the build scripts in question. When it installs
Postfix, it should run "postfix set-permissions" and perform some equiv
Rich Shepard:
> postdrop still is a group. What I had neglected in my post-installation
> notes was to change the group to postdrop for those two scripts prior to
> running set-gid on them.
You're not supposed to chown the files. That is part of the
Postfix installation/upgrade process. If you
On Sun, 28 Jan 2018, Viktor Dukhovni wrote:
Note that "make; make upgrade" would normally take care of this, perhaps
you're doing something else (needlessly complicated)?
Viktor,
I use the SlackBuilds.org build script (as I do for all my installations
and upgrades).
Also see:
http://www
> On Jan 28, 2018, at 2:08 PM, Rich Shepard wrote:
>
> On Sun, 28 Jan 2018, Viktor Dukhovni wrote:
>
>> # postfix set-permissions upgrade-configuration
Note that "make; make upgrade" would normally take care of this, perhaps you're
doing something else (needlessly complicated)?
> I thought t
On Sun, 28 Jan 2018, Viktor Dukhovni wrote:
# postfix set-permissions upgrade-configuration
Viktor,
I thought there was a procedure for post-upgrade configuration but had
forgotten where I had seen it.
Thanks very much for the information. It now resides where I'll see it
(and use it) f
> On Jan 28, 2018, at 1:11 PM, Rich Shepard wrote:
>
> I just upgraded from 3.2.4 to 3.2.5 and ensured that /usr/sbin/postdrop
> and /usr/sbin/postqueue were set gid:
>
> -rwxr-sr-x 1 root root 13888 Jan 28 08:58 /usr/sbin/postdrop*
> -rwxr-sr-x 1 root root 18012 Jan 28 08:58 /usr/sbin/post
On Sun, 28 Jan 2018, robert.wo...@robertwolfe.org wrote:
I would first check and see if group "postdrop" exists. Then, if so, I
would recommend running a "chown root:postdrop" on these files. But, of
course, YMMV.
Robert,
postdrop still is a group. What I had neglected in my post-installati
Of Rich Shepard
Sent: Sunday, January 28, 2018 12:12 PM
To: postfix-users@postfix.org
Subject: Upgrade to -3.2.5: permissions question
I just upgraded from 3.2.4 to 3.2.5 and ensured that /usr/sbin/postdrop
and /usr/sbin/postqueue were set gid:
-rwxr-sr-x 1 root root 13888 Jan 28 08:58 /usr/sbi
I just upgraded from 3.2.4 to 3.2.5 and ensured that /usr/sbin/postdrop
and /usr/sbin/postqueue were set gid:
-rwxr-sr-x 1 root root 13888 Jan 28 08:58 /usr/sbin/postdrop*
-rwxr-sr-x 1 root root 18012 Jan 28 08:58 /usr/sbin/postqueue*
Yet, when I start postfix I see these messages:
Jan 28