diff --git a/postfix/HISTORY b/postfix/HISTORY
index 38add05f6..9c20918b4 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -13647,3 +13647,13 @@ Apologies for any names omitted.
 legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions.
+20080826
+
+ Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
+ With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
+ file descriptor leak when it executes non-Postfix commands
+ in, for example, user-controlled $HOME/.forward files. A
+ local user can access a leaked epoll file descriptor to
+ implement a denial of service attack on Postfix. Data
+ confidentiality and integrity are not affected. File:
+ util/events.c.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 4306d622e..312749536 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20080814"
-#define MAIL_VERSION_NUMBER "2.4.8"
+#define MAIL_RELEASE_DATE "20080902"
+#define MAIL_VERSION_NUMBER "2.4.9"
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff --git a/postfix/src/util/events.c b/postfix/src/util/events.c
index 0aa9eee52..3e4239e78 100644
--- a/postfix/src/util/events.c
+++ b/postfix/src/util/events.c
@@ -354,6 +354,7 @@ static int event_pollfd; /* handle to file descriptor set */
 #define EVENT_REG_INIT_HANDLE(er, n) do { \
 er = event_pollfd = open("/dev/poll", O_RDWR); \
+ if (event_pollfd >= 0) close_on_exec(event_pollfd, CLOSE_ON_EXEC); \
 } while (0)
 #define EVENT_REG_INIT_TEXT "open /dev/poll"
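Review bot: Any other definition of `EVENT_REG_INIT_HANDLE` in events.c that lies outside these hunks would still pass its event handle to executed commands, because the close-on-exec call is added per backend: once in the `/dev/poll` variant here and once in the `epoll` variant at `@@ -425,6 +426,7 @@`. Confirm that every variant of the macro is covered; if the code that expands the macro (not shown) already checks `er`, setting the flag there once would keep the backends from drifting apart. Neither macro says why the flag is set, so a comment above each would help, e.g. `/* Keep the event handle out of non-Postfix commands, e.g. programs run from $HOME/.forward. */`. A regression check that lists the descriptors inherited by a command run from a `.forward` file would catch a missed variant. Both macros are complete within their hunks, but the backend-selection sections around them start and end outside the visible lines.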
@@ -425,6 +426,7 @@ static int event_epollfd; /* epoll handle */
 #define EVENT_REG_INIT_HANDLE(er, n) do { \
 er = event_epollfd = epoll_create(n); \
+ if (event_epollfd >= 0) close_on_exec(event_epollfd, CLOSE_ON_EXEC); \
 } while (0)
 #define EVENT_REG_INIT_TEXT "epoll_create"