From c0b942fbaa77cfeebf5e1de90f486039cb0582f9 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Mon, 17 Dec 2001 00:00:00 -0500 Subject: [PATCH] snapshot-20011217 --- postfix/HISTORY | 14 +++ postfix/RELEASE_NOTES | 14 +-- postfix/conf/postfix-script-nosgid | 1 - postfix/conf/postfix-script-sgid | 1 - postfix/html/sendmail.1.html | 142 +++++++++++++++-------------- postfix/man/man1/sendmail.1 | 3 + postfix/proto/Makefile | 0 postfix/src/global/mail_version.h | 2 +- postfix/src/master/Makefile.in | 3 + postfix/src/master/master_wakeup.c | 24 +++++ postfix/src/postalias/Makefile.in | 30 +++++- postfix/src/postalias/map-ABC1.ref | 1 + postfix/src/postalias/map-ABC2.ref | 1 + postfix/src/postalias/map-abc1.ref | 1 + postfix/src/postalias/map-abc2.ref | 1 + postfix/src/postalias/map-ghi1.ref | 1 + postfix/src/postalias/map-ghi2.ref | 1 + postfix/src/postalias/map.in | 2 + postfix/src/postmap/Makefile.in | 32 ++++++- postfix/src/postmap/map-ABC1.ref | 1 + postfix/src/postmap/map-ABC2.ref | 1 + postfix/src/postmap/map-abc1.ref | 1 + postfix/src/postmap/map-abc2.ref | 1 + postfix/src/postmap/map-ghi1.ref | 1 + postfix/src/postmap/map-ghi2.ref | 1 + postfix/src/postmap/map.in | 2 + postfix/src/sendmail/sendmail.c | 13 +-- postfix/src/util/Makefile.in | 4 + postfix/src/util/fifo_trigger.c | 10 +- 29 files changed, 215 insertions(+), 94 deletions(-) delete mode 100644 postfix/proto/Makefile create mode 100644 postfix/src/postalias/map-ABC1.ref create mode 100644 postfix/src/postalias/map-ABC2.ref create mode 100644 postfix/src/postalias/map-abc1.ref create mode 100644 postfix/src/postalias/map-abc2.ref create mode 100644 postfix/src/postalias/map-ghi1.ref create mode 100644 postfix/src/postalias/map-ghi2.ref create mode 100644 postfix/src/postalias/map.in create mode 100644 postfix/src/postmap/map-ABC1.ref create mode 100644 postfix/src/postmap/map-ABC2.ref create mode 100644 postfix/src/postmap/map-abc1.ref create mode 100644 postfix/src/postmap/map-abc2.ref create mode 100644 postfix/src/postmap/map-ghi1.ref create mode 100644 postfix/src/postmap/map-ghi2.ref create mode 100644 postfix/src/postmap/map.in diff --git a/postfix/HISTORY b/postfix/HISTORY index 54be1cf01..53af27405 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -5795,8 +5795,22 @@ Apologies for any names omitted. when the next line starts with whitespace; a comment that is preceded by whitespace does not break multi-line input. +20011217 + + Compatibility: Sendmail now has a -L option to set the + syslogging label. Postfix sendmail uses syslog_name instead, + and ignores the -L option. + + Security: subtle hardening of the Postfix chroot jail, + Postfix queue file permissions and access methods, in case + someone compromises the postfix account. Michael Tokarev + claims he got the insights from Solar Designer. Files: + master/master_wakeup.c, util/fifo_trigger.c, postfix-script. + Open problems: + Low: warn about undomained hostnames instead of aborting. + Low: after reorganizing configuration parameters, add flags to all parameters whose value can be read from file. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index c932a32cb..a00487700 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,16 +1,18 @@ -Incompatible changes with snapshot-20011216 +Incompatible changes with snapshot-20011217 =========================================== -Postfix configuration file comments no longer span multiple lines -when the next line starts with whitespace. This may cause unexpected -behavior with existing, improperly formatted, configuration files. +Postfix configuration file comments no longer continue on the next +line when that next line starts with whitespace. This change avoids +surprises, but it may cause unexpected behavior with existing, +poorly formatted, configuration files. Caveat user. -Major changes with snapshot-20011216 +Major changes with snapshot-20011217 ==================================== Postfix configuration files now support whitespace before comments. This allows you to comment out just one line in the middle of a -block of multi-line input. +block of multi-line input. A comment that starts at the beginning +of a line always terminates previous data. Incompatible changes with snapshot-20011210 =========================================== diff --git a/postfix/conf/postfix-script-nosgid b/postfix/conf/postfix-script-nosgid index d7c02ea8e..62e57b759 100755 --- a/postfix/conf/postfix-script-nosgid +++ b/postfix/conf/postfix-script-nosgid @@ -184,7 +184,6 @@ check) $WARN creating missing Postfix pid directory mkdir pid || exit 1 chmod 755 pid - chown $mail_owner pid } for dir in incoming active bounce defer deferred flush saved corrupt; do test -d $dir || { diff --git a/postfix/conf/postfix-script-sgid b/postfix/conf/postfix-script-sgid index f5df28ca1..a2da2c6e0 100644 --- a/postfix/conf/postfix-script-sgid +++ b/postfix/conf/postfix-script-sgid @@ -185,7 +185,6 @@ check) $WARN creating missing Postfix pid directory mkdir pid || exit 1 chmod 755 pid - chown $mail_owner pid } for dir in incoming active bounce defer deferred flush saved corrupt; do test -d $dir || { diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 8918f9858..7a1eda7fb 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -79,64 +79,68 @@ SENDMAIL(1) SENDMAIL(1) -I Initialize alias database. See the newaliases com- mand above. + -L label (ignored) + The logging label. Use the syslog_name configura- + tion parameter instead. + -N dsn (ignored) - Delivery status notification control. Currently, + Delivery status notification control. Currently, Postfix does not implement DSN. -R return_limit (ignored) - Limit the size of bounced mail. Use the - bounce_size_limit configuration parameter instead. + Limit the size of bounced mail. Use the + bounce_size_limit configuration parameter instead. -X log_file (ignored) - Log mailer traffic. Use the debug_peer_list and - debug_peer_level configuration parameters instead. + Log mailer traffic. Use the debug_peer_list and + debug_peer_level configuration parameters instead. -U (ignored) Initial user submission. - -V Variable Envelope Return Path. Given an envelope - sender address of the form owner-listname@origin, - each recipient user@domain receives mail with a + -V Variable Envelope Return Path. Given an envelope + sender address of the form owner-listname@origin, + each recipient user@domain receives mail with a personalized envelope sender address. - By default, the personalized envelope sender - address is owner-listname+user=domain@origin. The - default + and = characters are configurable with - the default_verp_delimiters configuration parame- - ter. - - -Vxy As -V, but uses x and y as the VERP delimiter char- - acters, instead of the characters specified with + By default, the personalized envelope sender + address is owner-listname+user=domain@origin. The + default + and = characters are configurable with the default_verp_delimiters configuration parame- ter. - -bd Go into daemon mode. This mode of operation is + -Vxy As -V, but uses x and y as the VERP delimiter char- + acters, instead of the characters specified with + the default_verp_delimiters configuration parame- + ter. + + -bd Go into daemon mode. This mode of operation is implemented by executing the postfix start command. - -bi Initialize alias database. See the newaliases com- + -bi Initialize alias database. See the newaliases com- mand above. - -bm Read mail from standard input and arrange for + -bm Read mail from standard input and arrange for delivery. This is the default mode of operation. -bp List the mail queue. See the mailq command above. - -bs Stand-alone SMTP server mode. Read SMTP commands - from standard input, and write responses to stan- + -bs Stand-alone SMTP server mode. Read SMTP commands + from standard input, and write responses to stan- dard output. This mode of operation is implemented by running the smtpd(8) daemon. -f sender Set the envelope sender address. This is the address where delivery problems are sent to, unless - the message contains an Errors-To: message header. + the message contains an Errors-To: message header. -h hop_count (ignored) - Hop count limit. Use the hopcount_limit configura- + Hop count limit. Use the hopcount_limit configura- tion parameter instead. - -i When reading a message from standard input, don't - treat a line with only a . character as the end of + -i When reading a message from standard input, don't + treat a line with only a . character as the end of input. -m (ignored) @@ -146,67 +150,67 @@ SENDMAIL(1) SENDMAIL(1) Backwards compatibility. -oAalias_database - Non-default alias database. Specify pathname or + Non-default alias database. Specify pathname or type:pathname. See postalias(1) for details. -o7 (ignored) -o8 (ignored) - The message body type. Currently, Postfix imple- + The message body type. Currently, Postfix imple- ments just-send-eight. - -oi When reading a message from standard input, don't - treat a line with only a . character as the end of + -oi When reading a message from standard input, don't + treat a line with only a . character as the end of input. -om (ignored) - The sender is never eliminated from alias etc. + The sender is never eliminated from alias etc. expansions. -o x value (ignored) - Set option x to value. Use the equivalent configu- + Set option x to value. Use the equivalent configu- ration parameter in main.cf instead. -r sender Set the envelope sender address. This is the address where delivery problems are sent to, unless - the message contains an Errors-To: message header. + the message contains an Errors-To: message header. - -q Attempt to deliver all queued mail. This is imple- + -q Attempt to deliver all queued mail. This is imple- mented by kicking the qmgr(8) daemon. -qinterval (ignored) - The interval between queue runs. Use the + The interval between queue runs. Use the queue_run_delay configuration parameter instead. -qRsite - Schedule immediate delivery of all mail that is + Schedule immediate delivery of all mail that is queued for the named site. This option accepts only - site names that are eligible for the "fast flush" - service, and is implemented by connecting to the + site names that are eligible for the "fast flush" + service, and is implemented by connecting to the local SMTP server at $myhostname. See flush(8) for more information about the "fast flush" service. -qSsite - This command is not implemented. Use the slower + This command is not implemented. Use the slower sendmail -q command instead. - -t Extract recipients from message headers. This - requires that no recipients be specified on the + -t Extract recipients from message headers. This + requires that no recipients be specified on the command line. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. SECURITY - By design, this program is not set-user (or group) id. - However, it must handle data from untrusted users or - untrusted machines. Thus, the usual precautions need to + By design, this program is not set-user (or group) id. + However, it must handle data from untrusted users or + untrusted machines. Thus, the usual precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT @@ -218,7 +222,7 @@ SENDMAIL(1) SENDMAIL(1) MAIL_DEBUG Enable debugging with an external command, as spec- - ified with the debugger_command configuration + ified with the debugger_command configuration parameter. FILES @@ -226,13 +230,13 @@ SENDMAIL(1) SENDMAIL(1) /etc/postfix, configuration files CONFIGURATION PARAMETERS - See the Postfix main.cf file for syntax details and for - default values. Use the postfix reload command after a + See the Postfix main.cf file for syntax details and for + default values. Use the postfix reload command after a configuration change. alias_database - Default alias database(s) for newaliases. The - default value for this parameter is system-spe- + Default alias database(s) for newaliases. The + default value for this parameter is system-spe- cific. bounce_size_limit @@ -248,64 +252,64 @@ SENDMAIL(1) SENDMAIL(1) initialized. debug_peer_level - Increment in verbose logging level when a remote + Increment in verbose logging level when a remote host matches a pattern in the debug_peer_list parameter. debug_peer_list - List of domain or network patterns. When a remote - host matches a pattern, increase the verbose log- - ging level by the amount specified in the + List of domain or network patterns. When a remote + host matches a pattern, increase the verbose log- + ging level by the amount specified in the debug_peer_level parameter. default_verp_delimiters - The VERP delimiter characters that are used when - the -V command line option is specified without + The VERP delimiter characters that are used when + the -V command line option is specified without delimiter characters. fast_flush_domains List of domains that will receive "fast flush" ser- - vice (default: all domains that this system is - willing to relay mail to). This greatly improves - the performance of the SMTP ETRN request, and of - the sendmail -qR command. For domains not in the + vice (default: all domains that this system is + willing to relay mail to). This greatly improves + the performance of the SMTP ETRN request, and of + the sendmail -qR command. For domains not in the list, Postfix simply attempts to deliver all queued mail. fork_attempts - Number of attempts to fork() a process before giv- + Number of attempts to fork() a process before giv- ing up. fork_delay - Delay in seconds between successive fork() + Delay in seconds between successive fork() attempts. hopcount_limit Limit the number of Received: message headers. mail_owner - The owner of the mail queue and of most Postfix + The owner of the mail queue and of most Postfix processes. command_directory - Directory with Postfix support commands (default: + Directory with Postfix support commands (default: $program_directory). daemon_directory - Directory with Postfix daemon programs (default: + Directory with Postfix daemon programs (default: $program_directory). queue_directory - Top-level directory of the Postfix queue. This is + Top-level directory of the Postfix queue. This is also the root directory of Postfix daemons that run chrooted. queue_run_delay - The time between successive scans of the deferred + The time between successive scans of the deferred queue. verp_delimiter_filter - The characters that Postfix accepts as VERP delim- + The characters that Postfix accepts as VERP delim- iter characters. SEE ALSO @@ -321,7 +325,7 @@ SENDMAIL(1) SENDMAIL(1) syslogd(8) system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index 16b6d43c7..76ecab0db 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -71,6 +71,9 @@ Gateway (relay) submission, as opposed to initial user submission. .IP \fB-I\fR Initialize alias database. See the \fBnewaliases\fR command above. +.IP "\fB-L \fIlabel\fR (ignored)" +The logging label. Use the \fBsyslog_name\fR configuration +parameter instead. .IP "\fB-N \fIdsn\fR (ignored)" Delivery status notification control. Currently, Postfix does not implement \fBDSN\fR. diff --git a/postfix/proto/Makefile b/postfix/proto/Makefile deleted file mode 100644 index e69de29bb..000000000 diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 1fc8ab211..d69188498 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20011216" +#define DEF_MAIL_VERSION "Snapshot-20011217" extern char *var_mail_version; /* LICENSE diff --git a/postfix/src/master/Makefile.in b/postfix/src/master/Makefile.in index 93a10e380..6f73ef3f1 100644 --- a/postfix/src/master/Makefile.in +++ b/postfix/src/master/Makefile.in @@ -203,11 +203,14 @@ master_wakeup.o: ../../include/sys_defs.h master_wakeup.o: ../../include/msg.h master_wakeup.o: ../../include/trigger.h master_wakeup.o: ../../include/events.h +master_wakeup.o: ../../include/set_eugid.h +master_wakeup.o: ../../include/set_ugid.h master_wakeup.o: ../../include/mail_proto.h master_wakeup.o: ../../include/vstream.h master_wakeup.o: ../../include/vbuf.h master_wakeup.o: ../../include/iostuff.h master_wakeup.o: ../../include/attr.h +master_wakeup.o: ../../include/mail_params.h master_wakeup.o: mail_server.h master_wakeup.o: master.h multi_server.o: multi_server.c diff --git a/postfix/src/master/master_wakeup.c b/postfix/src/master/master_wakeup.c index 16cc7be5b..e5aa9d1e5 100644 --- a/postfix/src/master/master_wakeup.c +++ b/postfix/src/master/master_wakeup.c @@ -58,10 +58,13 @@ #include #include #include +#include +#include /* Global library. */ #include /* triggers */ +#include /* Application-specific. */ @@ -101,8 +104,29 @@ static void master_wakeup_timer_event(int unused_event, char *context) case MASTER_SERV_TYPE_UNIX: status = LOCAL_TRIGGER(serv->name, &wakeup, sizeof(wakeup), BRIEFLY); break; + + /* + * If someone compromises the postfix account then this must not + * overwrite files outside the chroot jail. Countermeasures: + * + * - Limit the damage by accessing the FIFO as postfix not root. + * + * - Have fifo_trigger() call safe_open() so we won't follow + * arbitrary hard/symlinks to files in/outside the chroot jail. + * + * - All non-chroot postfix-related files must be root owned (or + * postfix check complains). + * + * - The postfix user and group ID must not be shared with other + * applications (says the INSTALL documentation). + * + * Result of a discussion with Michael Tokarev who claims het got + * his insights from Solar Designer. + */ case MASTER_SERV_TYPE_FIFO: + set_eugid(var_owner_uid, var_owner_gid); status = fifo_trigger(serv->name, &wakeup, sizeof(wakeup), BRIEFLY); + set_ugid(getuid(), getgid()); break; default: msg_panic("%s: unknown service type: %d", myname, serv->type); diff --git a/postfix/src/postalias/Makefile.in b/postfix/src/postalias/Makefile.in index f5449495f..b18759656 100644 --- a/postfix/src/postalias/Makefile.in +++ b/postfix/src/postalias/Makefile.in @@ -21,10 +21,36 @@ $(PROG): $(OBJS) $(LIBS) Makefile: Makefile.in (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ -test: $(TESTPROG) - update: ../../bin/$(PROG) +test: test1 test2 + +test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref + ./$(PROG) map.in + for key in abc ghi; \ + do \ + ./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \ + done + ./$(PROG) -f map.in + for key in ABC; \ + do \ + ./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \ + done + rm -f map.in.db + +test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref + ./$(PROG) map.in + for key in abc ghi; \ + do \ + echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \ + done + ./$(PROG) -f map.in + for key in ABC; \ + do \ + echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \ + done + rm -f map.in.db + ../../bin/$(PROG): $(PROG) cp $(PROG) ../../bin diff --git a/postfix/src/postalias/map-ABC1.ref b/postfix/src/postalias/map-ABC1.ref new file mode 100644 index 000000000..142195f36 --- /dev/null +++ b/postfix/src/postalias/map-ABC1.ref @@ -0,0 +1 @@ +DEF diff --git a/postfix/src/postalias/map-ABC2.ref b/postfix/src/postalias/map-ABC2.ref new file mode 100644 index 000000000..929916bcb --- /dev/null +++ b/postfix/src/postalias/map-ABC2.ref @@ -0,0 +1 @@ +ABC: DEF diff --git a/postfix/src/postalias/map-abc1.ref b/postfix/src/postalias/map-abc1.ref new file mode 100644 index 000000000..142195f36 --- /dev/null +++ b/postfix/src/postalias/map-abc1.ref @@ -0,0 +1 @@ +DEF diff --git a/postfix/src/postalias/map-abc2.ref b/postfix/src/postalias/map-abc2.ref new file mode 100644 index 000000000..dfbdab6f1 --- /dev/null +++ b/postfix/src/postalias/map-abc2.ref @@ -0,0 +1 @@ +abc: DEF diff --git a/postfix/src/postalias/map-ghi1.ref b/postfix/src/postalias/map-ghi1.ref new file mode 100644 index 000000000..7beb1db20 --- /dev/null +++ b/postfix/src/postalias/map-ghi1.ref @@ -0,0 +1 @@ +jkl diff --git a/postfix/src/postalias/map-ghi2.ref b/postfix/src/postalias/map-ghi2.ref new file mode 100644 index 000000000..e2ca310ca --- /dev/null +++ b/postfix/src/postalias/map-ghi2.ref @@ -0,0 +1 @@ +ghi: jkl diff --git a/postfix/src/postalias/map.in b/postfix/src/postalias/map.in new file mode 100644 index 000000000..203fa0cd3 --- /dev/null +++ b/postfix/src/postalias/map.in @@ -0,0 +1,2 @@ +ABC: DEF +ghi: jkl diff --git a/postfix/src/postmap/Makefile.in b/postfix/src/postmap/Makefile.in index bcc098a6b..a96270e30 100644 --- a/postfix/src/postmap/Makefile.in +++ b/postfix/src/postmap/Makefile.in @@ -21,13 +21,39 @@ $(PROG): $(OBJS) $(LIBS) Makefile: Makefile.in (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ -test: $(TESTPROG) - update: ../../bin/$(PROG) ../../bin/$(PROG): $(PROG) cp $(PROG) ../../bin +test: test1 test2 + +test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref + ./$(PROG) map.in + for key in abc ghi; \ + do \ + ./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \ + done + ./$(PROG) -f map.in + for key in ABC; \ + do \ + ./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \ + done + rm -f map.in.db + +test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref + ./$(PROG) map.in + for key in abc ghi; \ + do \ + echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \ + done + ./$(PROG) -f map.in + for key in ABC; \ + do \ + echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \ + done + rm -f map.in.db + printfck: $(OBJS) $(PROG) rm -rf printfck mkdir printfck @@ -39,7 +65,7 @@ lint: lint $(DEFS) $(SRCS) $(LINTFIX) clean: - rm -f *.o *core $(PROG) $(TESTPROG) junk + rm -f *.o *core $(PROG) $(TESTPROG) junk map.in.db rm -rf printfck tidy: clean diff --git a/postfix/src/postmap/map-ABC1.ref b/postfix/src/postmap/map-ABC1.ref new file mode 100644 index 000000000..142195f36 --- /dev/null +++ b/postfix/src/postmap/map-ABC1.ref @@ -0,0 +1 @@ +DEF diff --git a/postfix/src/postmap/map-ABC2.ref b/postfix/src/postmap/map-ABC2.ref new file mode 100644 index 000000000..cc3ea4e3c --- /dev/null +++ b/postfix/src/postmap/map-ABC2.ref @@ -0,0 +1 @@ +ABC DEF diff --git a/postfix/src/postmap/map-abc1.ref b/postfix/src/postmap/map-abc1.ref new file mode 100644 index 000000000..142195f36 --- /dev/null +++ b/postfix/src/postmap/map-abc1.ref @@ -0,0 +1 @@ +DEF diff --git a/postfix/src/postmap/map-abc2.ref b/postfix/src/postmap/map-abc2.ref new file mode 100644 index 000000000..2ee5fab43 --- /dev/null +++ b/postfix/src/postmap/map-abc2.ref @@ -0,0 +1 @@ +abc DEF diff --git a/postfix/src/postmap/map-ghi1.ref b/postfix/src/postmap/map-ghi1.ref new file mode 100644 index 000000000..7beb1db20 --- /dev/null +++ b/postfix/src/postmap/map-ghi1.ref @@ -0,0 +1 @@ +jkl diff --git a/postfix/src/postmap/map-ghi2.ref b/postfix/src/postmap/map-ghi2.ref new file mode 100644 index 000000000..5926a187f --- /dev/null +++ b/postfix/src/postmap/map-ghi2.ref @@ -0,0 +1 @@ +ghi jkl diff --git a/postfix/src/postmap/map.in b/postfix/src/postmap/map.in new file mode 100644 index 000000000..f1805549e --- /dev/null +++ b/postfix/src/postmap/map.in @@ -0,0 +1,2 @@ +ABC DEF +ghi jkl diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index c18c9e679..f25988749 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -65,6 +65,9 @@ /* .IP \fB-I\fR /* Initialize alias database. See the \fBnewaliases\fR /* command above. +/* .IP "\fB-L \fIlabel\fR (ignored)" +/* The logging label. Use the \fBsyslog_name\fR configuration +/* parameter instead. /* .IP "\fB-N \fIdsn\fR (ignored)" /* Delivery status notification control. Currently, Postfix does /* not implement \fBDSN\fR. @@ -860,7 +863,7 @@ int main(int argc, char **argv) optind++; continue; } - if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0) + if ((c = GETOPT(argc, argv, "B:C:F:GIL:N:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0) break; switch (c) { default: @@ -869,20 +872,12 @@ int main(int argc, char **argv) break; case 'n': fatal_error(EX_USAGE, "-%c option not supported", c); - case 'B': /* body type */ - break; case 'F': /* full name */ full_name = optarg; break; - case 'G': /* gateway submission */ - break; case 'I': /* newaliases */ mode = SM_MODE_NEWALIAS; break; - case 'N': /* DSN */ - break; - case 'R': /* DSN */ - break; case 'V': /* VERP */ if (verp_delims_verify(optarg) != 0) fatal_error(EX_USAGE, "-V requires two characters from %s", diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 74b10ed0e..f345644cc 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -690,6 +690,10 @@ fifo_trigger.o: fifo_trigger.c fifo_trigger.o: sys_defs.h fifo_trigger.o: msg.h fifo_trigger.o: iostuff.h +fifo_trigger.o: safe_open.h +fifo_trigger.o: vstream.h +fifo_trigger.o: vbuf.h +fifo_trigger.o: vstring.h fifo_trigger.o: trigger.h file_limit.o: file_limit.c file_limit.o: sys_defs.h diff --git a/postfix/src/util/fifo_trigger.c b/postfix/src/util/fifo_trigger.c index b28011436..feff2e421 100644 --- a/postfix/src/util/fifo_trigger.c +++ b/postfix/src/util/fifo_trigger.c @@ -49,6 +49,7 @@ #include #include +#include #include /* fifo_trigger - wakeup fifo server */ @@ -56,18 +57,23 @@ int fifo_trigger(const char *service, const char *buf, int len, int timeout) { char *myname = "fifo_trigger"; + VSTREAM *fp; int fd; /* * Write the request to the service fifo. According to POSIX, the open * shall always return immediately, and shall return an error when no * process is reading from the FIFO. + * + * Use safe_open() so that we don't follow arbitrary symlinks. */ - if ((fd = open(service, O_WRONLY | O_NONBLOCK, 0)) < 0) { + if ((fp = safe_open(service, O_WRONLY | O_NONBLOCK, 0, + (struct stat *) 0, -1, -1, (VSTRING *) 0)) == 0) { if (msg_verbose) msg_info("%s: open %s: %m", myname, service); return (-1); } + fd = vstream_fileno(fp); /* * Write the request... @@ -80,7 +86,7 @@ int fifo_trigger(const char *service, const char *buf, int len, int timeout) /* * Disconnect. */ - if (close(fd)) + if (vstream_fclose(fp)) if (msg_verbose) msg_warn("%s: close %s: %m", myname, service); return (0);