postfix-2.5.5

postfix/HISTORY

@@ -14430,3 +14430,14 @@ Apologies for any names omitted.
 	symlink itself is owned by root).  This change will break
 	legitimate configurations that deliver mail to a symbolic
 	link in a directory with less restrictive permissions.
+
+20080826
+
+	Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
+	With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
+	file descriptor leak when it executes non-Postfix commands
+	in, for example, user-controlled $HOME/.forward files.  A
+	local user can access a leaked epoll file descriptor to
+	implement a denial of service attack on Postfix. Data
+	confidentiality and integrity are not affected.  File:
+	util/events.c.

postfix/src/global/mail_version.h

@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20080814"
+#define MAIL_RELEASE_DATE	"20080902"
-#define MAIL_VERSION_NUMBER	"2.5.4"
+#define MAIL_VERSION_NUMBER	"2.5.5"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

postfix/src/util/events.c

@@ -354,6 +354,7 @@ static int event_pollfd;		/* handle to file descriptor set */
 
 #define EVENT_REG_INIT_HANDLE(er, n) do { \
 	er = event_pollfd = open("/dev/poll", O_RDWR); \
+	if (event_pollfd >= 0) close_on_exec(event_pollfd, CLOSE_ON_EXEC); \
     } while (0)
 #define EVENT_REG_INIT_TEXT	"open /dev/poll"
 
@@ -425,6 +426,7 @@ static int event_epollfd;		/* epoll handle */
 
 #define EVENT_REG_INIT_HANDLE(er, n) do { \
 	er = event_epollfd = epoll_create(n); \
+	if (event_epollfd >= 0) close_on_exec(event_epollfd, CLOSE_ON_EXEC); \
     } while (0)
 #define EVENT_REG_INIT_TEXT	"epoll_create"