mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.11-20130929

Browse Source
This commit is contained in:
Wietse Venema 2013-09-29 00:00:00 -05:00 committed by Viktor Dukhovni
parent 2ffd296c6a
commit 12a1fc191f
12 changed files with 252 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
postfix/HISTORY
View File

@ -18950,7 +18950,22 @@ Apologies for any names omitted.
This is a hard limit built into the OpenLDAP library that
causes requests to fail when the number of open read
transactions exceeds the limit. When this happens the LMDB
client logs a MDB_READERS_FULL warning and continues with
client logs an MDB_READERS_FULL warning and continues with
reduced performance. Files: util/dict_lmdb.c, util/dict_lmdb.h,
global/mail_params.h, global/mail_params.c, proto/postconf.proto,
proto/LMDB_README.html.
20130929
Security violation: LMDB opens files with read/write access
for lock management purposes. This gives unprivileged
daemon processes read/write file handles for root-owned
files under /etc/postfix. This also breaks when a non-root
process needs to access a root-owned database. Even if
LMDB lock files were world-writable, and kept in a dedicated
directory, they would still violate the principle of least
privilege. For all these reasons, support to create LMDB
files is removed from the postmap and postalias commands.
LMDB files can still be created by unprivileged Postfix
daemon processes under the postfix-owned data_directory.
Files: proto/LMDB_README.html, global/mkmap.c.

8
postfix/README_FILES/INSTALL
View File

@ -277,8 +277,12 @@ The following is an extensive list of names and values.
|| |known to support it. |
|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
|| |Do not build with NIS or NISPLUS support. NIS |
||-DNO_NIS |is not available on some recent Linux or |
|| |Solaris distributions. |
||-DNO_NIS |is not available on some recent Linux |
|| |distributions. |
|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
|| |Do not build with NISPLUS support. NISPLUS is |
||-DNO_NISPLUS |not available on some recent Solaris |
|| |distributions. |
|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
|| |Do not build with PCRE support. By default, |
||-DNO_PCRE |PCRE support is compiled in when the pcre- |

59
postfix/README_FILES/LMDB_README
View File

@ -4,11 +4,25 @@ PPoossttffiixx OOppeennLLDDAAPP LLMMDDBB HHoowwttoo
IInnttrroodduuccttiioonn
Warning: LMDB applications require write access even when the application
itself is read-only. This violates the principle of least privilege, and
causes all kinds of problems when a non-root process needs to query a root-
owned database such as access(5), virtual(5), or transport(5).
Support to create LMDB databases is no longer available for the postmap(1)
and postalias(1) commands. Instead, consider using cdb: to manage root-
owned databases under the root-owned config_directory (default: /etc/
postfix) such as access(5), virtual(5), or transport(5).
Support to create LMDB databases is available only for unprivileged Postfix
daemon processes such as postscreen(8), tlsmgr(8) and verify(8) that manage
postfix-owned databases under the postfix-owned data_directory (default: /
var/lib/postfix).
Postfix uses databases of various kinds to store and look up information.
Postfix databases are specified as "type:name". OpenLDAP LMDB implements the
Postfix database type "lmdb". The name of a Postfix OpenLDAP LMDB database is
the name of the database file without the ".lmdb" suffix. OpenLDAP LMDB
databases are maintained with the postmap(1) and postalias(1) commands.
the name of the database file without the ".lmdb" suffix.
This document describes:
@ -71,9 +85,29 @@ UUnneexxppeecctteedd ffaaiilluurree mmooddeess ooff PPo
As documented below, conversion to LMDB introduces a number of failure modes
that don't exist with other Postfix databases. Some failure modes have been
eliminated on the course of time. The writeup below reflects the status as of
eliminated in the course of time. The writeup below reflects the status as of
of LMDB 0.9.8.
UUnneexxppeecctteedd ""PPeerrmmiissssiioonn ddeenniieedd"" eerrrroorrss..
Problem:
A world-readable LMDB database cannot be opened by a process with a UID
that differs from the database file owner, even when an attempt is made to
open the database read-only. This problem does not exist with other Postfix
databases.
Background:
The LMDB implementation requires write access to maintain read locks, and
perhaps for other purposes.
Solution:
Consider using cdb: to manage root-owned databases under the root-owned /
etc or config_directory (default: /etc/postfix) such as access(5), virtual
(5), transport(5). Support to create LMDB databases is available only for
unprivileged Postfix daemon processes such as postscreen(8), tlsmgr(8) and
verify(8) that manage postfix-owned databases under the postfix-owned
data_directory (default: /var/lib/postfix).
UUnneexxppeecctteedd ""rreeaaddeerrss ffuullll"" eerrrroorrss..
Problem:
@ -83,7 +117,7 @@ Problem:
Background:
The LMDB implementation enforces a hard limit on the number of simultaneous
read requests for the same database environment. This limit must be
specified with the lmdb_max_readers configuration parameter.
specified in advance with the lmdb_max_readers configuration parameter.
Mitigation:
Postfix logs a warning suggesting that the lmdb_max_readers parameter value
@ -91,16 +125,15 @@ Mitigation:
times while running with reduced performance.
Prevention:
Monitor your LMDB files for MDB_READERS_FULL errors and make the necessary
adjustments. Consider using CDB for read-mostly databases.
Monitor your LMDB files for MDB_READERS_FULL errors. After making the
necessary adjustments, restart Postfix.
NNoonn--oobbvviioouuss rreeccoovveerryy wwiitthh ppoossttmmaapp((11))//ppoossttaalliiaass((11))//ttllssmmggrr((88)) ffrroomm aa ccoorrrruupptteedd
ddaattaabbaassee..
NNoonn--oobbvviioouuss rreeccoovveerryy wwiitthh ppoossttssccrreeeenn((88)),, ttllssmmggrr((88)),, oorr vveerriiffyy((88)) ffrroomm aa
ccoorrrruupptteedd ddaattaabbaassee..
Problem:
You cannot rebuild a corrupted LMDB database simply by re-running postmap
(1) or postalias(1), or by waiting until the tlsmgr(8) daemon restarts.
This problem does not exist with other Postfix databases.
You cannot rebuild a corrupted LMDB database simply by waiting until a
daemon restarts. This problem does not exist with other Postfix databases.
Background:
The Postfix LMDB database client does not truncate the database file.
@ -112,9 +145,7 @@ Impact:
Postfix does not process mail until someone fixes the problem.
Recovery:
First delete the ".lmdb" file by hand. Then, rebuild the file with the
postmap(1) or postalias(1) command, or wait until the tlsmgr(8) daemon
restarts.
First delete the ".lmdb" file by hand. Then, restart postfix.
Prevention:
Arrange your file systems such that they never run out of free space.

18
postfix/RELEASE_NOTES
View File

@ -14,6 +14,24 @@ specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
before proceeding.
Major changes with snapshot 20130929
====================================
Support to create LMDB databases is no longer available for the
postmap(1) and postalias(1) commands. Instead, consider using cdb:
to manage root-owned databases under the root-owned config_directory
(default: /etc/postfix) such as access(5), virtual(5), transport(5).
The reason is that LMDB applications require write access even when
the application itself is read-only. This violates the principle
of least privilege, and causes all kinds of problems when a non-root
process needs to query a root-owned database.
Support to create LMDB databases is available only for unprivileged
Postfix daemon processes such as postscreen(8), tlsmgr(8) and
verify(8) that manage postfix-owned databases under the postfix-owned
data_directory (default: /var/lib/postfix).
Major changes with snapshot 20130927
====================================

6
postfix/html/INSTALL.html
View File

@ -404,7 +404,11 @@ support is compiled in on platforms that are known to support it.
</td> </tr>
<tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
NISPLUS support. NIS is not available on some recent Linux or Solaris
NISPLUS support. NIS is not available on some recent Linux
distributions. </td> </tr>
<tr> <td> </td> <td> -DNO_NISPLUS </td> <td> Do not build with
NISPLUS support. NISPLUS is not available on some recent Solaris
distributions. </td> </tr>
<tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE

77
postfix/html/LMDB_README.html
View File

@ -19,12 +19,28 @@
<h2>Introduction</h2>
<blockquote> <p> Warning: LMDB applications require write access
even when the application itself is read-only. This violates the
principle of least privilege, and causes all kinds of problems
when a non-root process needs to query a root-owned database such
as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>, or <a href="transport.5.html">transport(5)</a>. </p>
<p> Support to create LMDB databases is no longer available for the
<a href="postmap.1.html">postmap(1)</a> and <a href="postalias.1.html">postalias(1)</a> commands. Instead, consider using <a href="CDB_README.html">cdb</a>:
to manage root-owned databases under the root-owned <a href="postconf.5.html#config_directory">config_directory</a>
(default: <tt>/etc/postfix</tt>) such as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>, or
<a href="transport.5.html">transport(5)</a>. </p>
<p> Support to create LMDB databases is available only for unprivileged
Postfix daemon processes such as <a href="postscreen.8.html">postscreen(8)</a>, <a href="tlsmgr.8.html">tlsmgr(8)</a> and
<a href="verify.8.html">verify(8)</a> that manage postfix-owned databases under the postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a> (default: <tt>/var/lib/postfix</tt>). </p> </blockquote>
<p> Postfix uses databases of various kinds to store and look up
information. Postfix databases are specified as "type:name".
OpenLDAP LMDB implements the Postfix database type "lmdb".
The name of a Postfix OpenLDAP LMDB database is the name
of the database file without the ".lmdb" suffix. OpenLDAP LMDB databases
are maintained with the <a href="postmap.1.html">postmap(1)</a> and <a href="postalias.1.html">postalias(1)</a> commands. </p>
of the database file without the ".lmdb" suffix. </p>
<p> This document describes: </p>
@ -117,9 +133,34 @@ databases. </a> </h2>
<p> As documented below, conversion to LMDB introduces a number of
failure modes that don't exist with other Postfix databases. Some
failure modes have been eliminated on the course of time.
failure modes have been eliminated in the course of time.
The writeup below reflects the status as of of LMDB 0.9.8. </p>
<p> <strong>Unexpected "Permission denied" errors. </strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> A world-readable LMDB database cannot
be opened by a process with a UID that differs from the database
file owner, even when an attempt is made to open the database
read-only. This problem does not exist with other Postfix databases.
</p> </dd>
<dt> Background: </dt> <dd> <p> The LMDB implementation requires
write access to maintain read locks, and perhaps for other purposes.
</p> </dd>
<dt> Solution: </dt> <dd> <p> Consider using <a href="CDB_README.html">cdb</a>: to manage root-owned
databases under the root-owned <tt>/etc</tt> or <a href="postconf.5.html#config_directory">config_directory</a>
(default: <tt>/etc/postfix</tt>) such as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>,
<a href="transport.5.html">transport(5)</a>. Support to create LMDB databases is available only
for unprivileged Postfix daemon processes such as <a href="postscreen.8.html">postscreen(8)</a>,
<a href="tlsmgr.8.html">tlsmgr(8)</a> and <a href="verify.8.html">verify(8)</a> that manage postfix-owned databases under
the postfix-owned <a href="postconf.5.html#data_directory">data_directory</a> (default: <tt>/var/lib/postfix</tt>).
</p> </dd>
</dl>
<p> <strong>Unexpected "readers full" errors. </strong></p>
<dl>
@ -130,8 +171,8 @@ exist with other Postfix databases. </p> </dd>
<dt> Background: </dt> <dd> <p> The LMDB implementation enforces a
hard limit on the number of simultaneous read requests for the same
database environment. This limit must be specified with the
<a href="postconf.5.html#lmdb_max_readers">lmdb_max_readers</a> configuration parameter. </p> </dd>
database environment. This limit must be specified in advance with
the <a href="postconf.5.html#lmdb_max_readers">lmdb_max_readers</a> configuration parameter. </p> </dd>
<dt> Mitigation: </dt> <dd> <p> Postfix logs a warning suggesting
that the <a href="postconf.5.html#lmdb_max_readers">lmdb_max_readers</a> parameter value be increased, and retries
@ -139,8 +180,10 @@ the failed operation for a limited number of times while running
with reduced performance. </p> </dd>
<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files for
MDB_READERS_FULL errors and make the necessary adjustments.
Consider using CDB for read-mostly databases. </p> </dd> </dl>
MDB_READERS_FULL errors. After making the necessary adjustments,
restart Postfix. </p> </dd>
</dl>
<!--
@ -249,15 +292,16 @@ sure that <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> &gt; 3x the
-->
<p> <strong>Non-obvious recovery with <a href="postmap.1.html">postmap(1)</a>/<a href="postalias.1.html">postalias(1)</a>/<a href="tlsmgr.8.html">tlsmgr(8)</a>
from a corrupted database. </strong></p>
<p> <strong>Non-obvious recovery with <!-- <a href="postmap.1.html">postmap(1)</a>, <a href="postalias.1.html">postalias(1)</a>, -->
<a href="postscreen.8.html">postscreen(8)</a>, <a href="tlsmgr.8.html">tlsmgr(8)</a>, or <a href="verify.8.html">verify(8)</a> from a corrupted database.
</strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> You cannot rebuild a corrupted LMDB
database simply by re-running <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>, or by
waiting until the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon restarts. This problem
does not exist with other Postfix databases. </p> </dd>
database simply by <!-- re-running <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>, or
by --> waiting until a daemon restarts. This problem does not exist
with other Postfix databases. </p> </dd>
<dt> Background: </dt> <dd> <p> The Postfix LMDB database client
does not truncate the database file. Instead it attempts to create
@ -269,11 +313,12 @@ That is obviously not possible with a corrupted database file. </p>
someone fixes the problem. </p> </dd>
<dt> Recovery: </dt> <dd> <p> First delete the ".lmdb" file by hand.
Then, rebuild the file with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command,
or wait until the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon restarts. </p>
</dd>
Then, <!-- rebuild the file with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>
command if the file was created with those commands, or --> restart
postfix. <!-- daemons if the file is maintained by daemon processes.
--> </p> </dd>
<dt> Prevention: </dt> <dd>
<dt> Prevention: </dt> <dd>
<p> Arrange your file systems such that they never run out of free
space. </p>

9
postfix/makedefs
View File

@ -48,7 +48,10 @@
# are known to support it.
# .IP \fB-DNO_NIS\fR
# Do not build with NIS or NISPLUS support. Support for NIS
# is unavailable on some recent Linux and Solaris distributions.
# is unavailable on some recent Linux distributions.
# .IP \fB-DNO_NISPLUS\fR
# Do not build with NISPLUS support. Support for NISPLUS
# is unavailable on some recent Solaris distributions.
# .IP \fB-DNO_PCRE\fR
# Do not build with PCRE support.
# By default, PCRE support is compiled in when the \fBpcre-config\fR
@ -214,6 +217,10 @@ case "$SYSTEM.$RELEASE" in
case $RELEASE in
5.[0-8]|5.[0-8].*) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM -DNO_FUTIMESAT -DSTREAM_CONNECTIONS";;
esac
# Somewhere NISPLUS went away.
case $RELEASE in
5.[0-9][0-9]*) CCARGS="$CCARGS -DNO_NISPLUS";;
esac
# Work around broken str*casecmp(). Do it all here instead
# of having half the solution in the sys_defs.h file.
CCARGS="$CCARGS -Dstrcasecmp=fix_strcasecmp \

6
postfix/proto/INSTALL.html
View File

@ -404,7 +404,11 @@ support is compiled in on platforms that are known to support it.
</td> </tr>
<tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
NISPLUS support. NIS is not available on some recent Linux or Solaris
NISPLUS support. NIS is not available on some recent Linux
distributions. </td> </tr>
<tr> <td> </td> <td> -DNO_NISPLUS </td> <td> Do not build with
NISPLUS support. NISPLUS is not available on some recent Solaris
distributions. </td> </tr>
<tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE

77
postfix/proto/LMDB_README.html
View File

@ -19,12 +19,28 @@
<h2>Introduction</h2>
<blockquote> <p> Warning: LMDB applications require write access
even when the application itself is read-only. This violates the
principle of least privilege, and causes all kinds of problems
when a non-root process needs to query a root-owned database such
as access(5), virtual(5), or transport(5). </p>
<p> Support to create LMDB databases is no longer available for the
postmap(1) and postalias(1) commands. Instead, consider using cdb:
to manage root-owned databases under the root-owned config_directory
(default: <tt>/etc/postfix</tt>) such as access(5), virtual(5), or
transport(5). </p>
<p> Support to create LMDB databases is available only for unprivileged
Postfix daemon processes such as postscreen(8), tlsmgr(8) and
verify(8) that manage postfix-owned databases under the postfix-owned
data_directory (default: <tt>/var/lib/postfix</tt>). </p> </blockquote>
<p> Postfix uses databases of various kinds to store and look up
information. Postfix databases are specified as "type:name".
OpenLDAP LMDB implements the Postfix database type "lmdb".
The name of a Postfix OpenLDAP LMDB database is the name
of the database file without the ".lmdb" suffix. OpenLDAP LMDB databases
are maintained with the postmap(1) and postalias(1) commands. </p>
of the database file without the ".lmdb" suffix. </p>
<p> This document describes: </p>
@ -117,9 +133,34 @@ databases. </a> </h2>
<p> As documented below, conversion to LMDB introduces a number of
failure modes that don't exist with other Postfix databases. Some
failure modes have been eliminated on the course of time.
failure modes have been eliminated in the course of time.
The writeup below reflects the status as of of LMDB 0.9.8. </p>
<p> <strong>Unexpected "Permission denied" errors. </strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> A world-readable LMDB database cannot
be opened by a process with a UID that differs from the database
file owner, even when an attempt is made to open the database
read-only. This problem does not exist with other Postfix databases.
</p> </dd>
<dt> Background: </dt> <dd> <p> The LMDB implementation requires
write access to maintain read locks, and perhaps for other purposes.
</p> </dd>
<dt> Solution: </dt> <dd> <p> Consider using cdb: to manage root-owned
databases under the root-owned <tt>/etc</tt> or config_directory
(default: <tt>/etc/postfix</tt>) such as access(5), virtual(5),
transport(5). Support to create LMDB databases is available only
for unprivileged Postfix daemon processes such as postscreen(8),
tlsmgr(8) and verify(8) that manage postfix-owned databases under
the postfix-owned data_directory (default: <tt>/var/lib/postfix</tt>).
</p> </dd>
</dl>
<p> <strong>Unexpected "readers full" errors. </strong></p>
<dl>
@ -130,8 +171,8 @@ exist with other Postfix databases. </p> </dd>
<dt> Background: </dt> <dd> <p> The LMDB implementation enforces a
hard limit on the number of simultaneous read requests for the same
database environment. This limit must be specified with the
lmdb_max_readers configuration parameter. </p> </dd>
database environment. This limit must be specified in advance with
the lmdb_max_readers configuration parameter. </p> </dd>
<dt> Mitigation: </dt> <dd> <p> Postfix logs a warning suggesting
that the lmdb_max_readers parameter value be increased, and retries
@ -139,8 +180,10 @@ the failed operation for a limited number of times while running
with reduced performance. </p> </dd>
<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files for
MDB_READERS_FULL errors and make the necessary adjustments.
Consider using CDB for read-mostly databases. </p> </dd> </dl>
MDB_READERS_FULL errors. After making the necessary adjustments,
restart Postfix. </p> </dd>
</dl>
<!--
@ -249,15 +292,16 @@ sure that lmdb_map_size &gt; 3x the largest LMDB file size. </p>
-->
<p> <strong>Non-obvious recovery with postmap(1)/postalias(1)/tlsmgr(8)
from a corrupted database. </strong></p>
<p> <strong>Non-obvious recovery with <!-- postmap(1), postalias(1), -->
postscreen(8), tlsmgr(8), or verify(8) from a corrupted database.
</strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> You cannot rebuild a corrupted LMDB
database simply by re-running postmap(1) or postalias(1), or by
waiting until the tlsmgr(8) daemon restarts. This problem
does not exist with other Postfix databases. </p> </dd>
database simply by <!-- re-running postmap(1) or postalias(1), or
by --> waiting until a daemon restarts. This problem does not exist
with other Postfix databases. </p> </dd>
<dt> Background: </dt> <dd> <p> The Postfix LMDB database client
does not truncate the database file. Instead it attempts to create
@ -269,11 +313,12 @@ That is obviously not possible with a corrupted database file. </p>
someone fixes the problem. </p> </dd>
<dt> Recovery: </dt> <dd> <p> First delete the ".lmdb" file by hand.
Then, rebuild the file with the postmap(1) or postalias(1) command,
or wait until the tlsmgr(8) daemon restarts. </p>
</dd>
Then, <!-- rebuild the file with the postmap(1) or postalias(1)
command if the file was created with those commands, or --> restart
postfix. <!-- daemons if the file is maintained by daemon processes.
--> </p> </dd>
<dt> Prevention: </dt> <dd>
<dt> Prevention: </dt> <dd>
<p> Arrange your file systems such that they never run out of free
space. </p>

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20130928"
#define MAIL_RELEASE_DATE "20130929"
#define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT

26
postfix/src/global/mkmap_open.c
View File

@ -102,7 +102,29 @@ static const MKMAP_OPEN_INFO mkmap_types[] = {
DICT_TYPE_HASH, mkmap_hash_open,
DICT_TYPE_BTREE, mkmap_btree_open,
#endif
#ifdef HAS_LMDB
/*
* LMDB readers open the LMDB lock file O_RDWR. This complicates
* database sharing between processes that run with different effective
* UIDs.
*
* For example, this violates the Postfix security model as it passes a
* read-write file handle for a root-owned file under /etc/postfix into a
* non-root daemon process.
*
* This also totally breaks non-root access for root-owned databases by
* non-daemon processes.
*
* Even if LMDB lock files were kept under /tmp or /var/run, those files
* would still have to be world-writable, and that would still violate
* the principle of least privilege.
*
* For all these reasons, LMDB is supported only for caches that are
* maintained by non-root daemon processes such as postscreen(8),
* tlsmgr(8) or verify(8). All the effort to recover from bogus LMDB
* errors was good for something.
*/
#ifdef notdef
DICT_TYPE_LMDB, mkmap_lmdb_open,
#endif
DICT_TYPE_FAIL, mkmap_fail_open,
@ -165,7 +187,7 @@ MKMAP *mkmap_open(const char *type, const char *path,
*/
for (mp = mkmap_types; /* void */ ; mp++) {
if (mp->type == 0)
msg_fatal("unsupported map type: %s", type);
msg_fatal("unsupported map type for this operation: %s", type);
if (strcmp(type, mp->type) == 0)
break;
}

2
postfix/src/util/sys_defs.h
View File

@ -433,7 +433,9 @@ extern int opterr;
#define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/mail/aliases"
#ifndef NO_NIS
#define HAS_NIS
#ifndef NO_NISPLUS
#define HAS_NISPLUS
#endif /* NO_NISPLUS */
#endif
#define USE_SYS_SOCKIO_H /* Solaris 2.5, changed sys/ioctl.h */
#define GETTIMEOFDAY(t) gettimeofday(t)