mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 22:25:24 +00:00

snapshot-20011217

Wietse Venema
2001-12-17 00:00:00 -05:00
committed by Viktor Dukhovni
parent 468ab80791
commit c0b942fbaa
29 changed files with 215 additions and 94 deletions


@@ -5795,8 +5795,22 @@ Apologies for any names omitted.
when the next line starts with whitespace; a comment that when the next line starts with whitespace; a comment that
is preceded by whitespace does not break multi-line input. is preceded by whitespace does not break multi-line input.
20011217
Compatibility: Sendmail now has a -L option to set the
syslogging label. Postfix sendmail uses syslog_name instead,
and ignores the -L option.
Security: subtle hardening of the Postfix chroot jail,
Postfix queue file permissions and access methods, in case
someone compromises the postfix account. Michael Tokarev
claims he got the insights from Solar Designer. Files:
master/master_wakeup.c, util/fifo_trigger.c, postfix-script.
Open problems: Open problems:
Low: warn about undomained hostnames instead of aborting.
Low: after reorganizing configuration parameters, add flags Low: after reorganizing configuration parameters, add flags
to all parameters whose value can be read from file. to all parameters whose value can be read from file.


@@ -1,16 +1,18 @@
Incompatible changes with snapshot-20011216 Incompatible changes with snapshot-20011217
=========================================== ===========================================
Postfix configuration file comments no longer span multiple lines Postfix configuration file comments no longer continue on the next
when the next line starts with whitespace. This may cause unexpected line when that next line starts with whitespace. This change avoids
behavior with existing, improperly formatted, configuration files. surprises, but it may cause unexpected behavior with existing,
poorly formatted, configuration files. Caveat user.
Major changes with snapshot-20011216 Major changes with snapshot-20011217
==================================== ====================================
Postfix configuration files now support whitespace before comments. Postfix configuration files now support whitespace before comments.
This allows you to comment out just one line in the middle of a This allows you to comment out just one line in the middle of a
block of multi-line input. block of multi-line input. A comment that starts at the beginning
of a line always terminates previous data.
Incompatible changes with snapshot-20011210 Incompatible changes with snapshot-20011210
=========================================== ===========================================


@@ -184,7 +184,6 @@ check)
$WARN creating missing Postfix pid directory $WARN creating missing Postfix pid directory
mkdir pid || exit 1 mkdir pid || exit 1
chmod 755 pid chmod 755 pid
chown $mail_owner pid
} }
for dir in incoming active bounce defer deferred flush saved corrupt; do for dir in incoming active bounce defer deferred flush saved corrupt; do
test -d $dir || { test -d $dir || {


@@ -185,7 +185,6 @@ check)
$WARN creating missing Postfix pid directory $WARN creating missing Postfix pid directory
mkdir pid || exit 1 mkdir pid || exit 1
chmod 755 pid chmod 755 pid
chown $mail_owner pid
} }
for dir in incoming active bounce defer deferred flush saved corrupt; do for dir in incoming active bounce defer deferred flush saved corrupt; do
test -d $dir || { test -d $dir || {


@@ -79,6 +79,10 @@ SENDMAIL(1) SENDMAIL(1)
<b>-I</b> Initialize alias database. See the <b>newaliases</b> com- <b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
mand above. mand above.
<b>-L</b> <i>label</i> (ignored)
The logging label. Use the <b>syslog</b><i>_</i><b>name</b> configura-
tion parameter instead.
<b>-N</b> <i>dsn</i> (ignored) <b>-N</b> <i>dsn</i> (ignored)
Delivery status notification control. Currently, Delivery status notification control. Currently,
Postfix does not implement <b>DSN</b>. Postfix does not implement <b>DSN</b>.


@@ -71,6 +71,9 @@ Gateway (relay) submission, as opposed to initial user submission.
.IP \fB-I\fR .IP \fB-I\fR
Initialize alias database. See the \fBnewaliases\fR Initialize alias database. See the \fBnewaliases\fR
command above. command above.
.IP "\fB-L \fIlabel\fR (ignored)"
The logging label. Use the \fBsyslog_name\fR configuration
parameter instead.
.IP "\fB-N \fIdsn\fR (ignored)" .IP "\fB-N \fIdsn\fR (ignored)"
Delivery status notification control. Currently, Postfix does Delivery status notification control. Currently, Postfix does
not implement \fBDSN\fR. not implement \fBDSN\fR.


@@ -15,7 +15,7 @@
* Version of this program. * Version of this program.
*/ */
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20011216" #define DEF_MAIL_VERSION "Snapshot-20011217"
extern char *var_mail_version; extern char *var_mail_version;
/* LICENSE /* LICENSE


@@ -203,11 +203,14 @@ master_wakeup.o: ../../include/sys_defs.h
master_wakeup.o: ../../include/msg.h master_wakeup.o: ../../include/msg.h
master_wakeup.o: ../../include/trigger.h master_wakeup.o: ../../include/trigger.h
master_wakeup.o: ../../include/events.h master_wakeup.o: ../../include/events.h
master_wakeup.o: ../../include/set_eugid.h
master_wakeup.o: ../../include/set_ugid.h
master_wakeup.o: ../../include/mail_proto.h master_wakeup.o: ../../include/mail_proto.h
master_wakeup.o: ../../include/vstream.h master_wakeup.o: ../../include/vstream.h
master_wakeup.o: ../../include/vbuf.h master_wakeup.o: ../../include/vbuf.h
master_wakeup.o: ../../include/iostuff.h master_wakeup.o: ../../include/iostuff.h
master_wakeup.o: ../../include/attr.h master_wakeup.o: ../../include/attr.h
master_wakeup.o: ../../include/mail_params.h
master_wakeup.o: mail_server.h master_wakeup.o: mail_server.h
master_wakeup.o: master.h master_wakeup.o: master.h
multi_server.o: multi_server.c multi_server.o: multi_server.c


@@ -58,10 +58,13 @@
#include <msg.h> #include <msg.h>
#include <trigger.h> #include <trigger.h>
#include <events.h> #include <events.h>
#include <set_eugid.h>
#include <set_ugid.h>
/* Global library. */ /* Global library. */
#include <mail_proto.h> /* triggers */ #include <mail_proto.h> /* triggers */
#include <mail_params.h>
/* Application-specific. */ /* Application-specific. */
@@ -101,8 +104,29 @@ static void master_wakeup_timer_event(int unused_event, char *context)
case MASTER_SERV_TYPE_UNIX: case MASTER_SERV_TYPE_UNIX:
status = LOCAL_TRIGGER(serv->name, &wakeup, sizeof(wakeup), BRIEFLY); status = LOCAL_TRIGGER(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
break; break;
/*
* If someone compromises the postfix account then this must not
* overwrite files outside the chroot jail. Countermeasures:
*
* - Limit the damage by accessing the FIFO as postfix not root.
*
* - Have fifo_trigger() call safe_open() so we won't follow
* arbitrary hard/symlinks to files in/outside the chroot jail.
*
* - All non-chroot postfix-related files must be root owned (or
* postfix check complains).
*
* - The postfix user and group ID must not be shared with other
* applications (says the INSTALL documentation).
*
* Result of a discussion with Michael Tokarev who claims het got
* his insights from Solar Designer.
*/
case MASTER_SERV_TYPE_FIFO: case MASTER_SERV_TYPE_FIFO:
set_eugid(var_owner_uid, var_owner_gid);
status = fifo_trigger(serv->name, &wakeup, sizeof(wakeup), BRIEFLY); status = fifo_trigger(serv->name, &wakeup, sizeof(wakeup), BRIEFLY);
set_ugid(getuid(), getgid());
break; break;
default: default:
msg_panic("%s: unknown service type: %d", myname, serv->type); msg_panic("%s: unknown service type: %d", myname, serv->type);
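Review bot: The privilege restore in the MASTER_SERV_TYPE_FIFO case, `set_ugid(getuid(), getgid());`, is correct only if set_eugid() changes the effective IDs alone and leaves the real IDs as master started with. Neither helper's body is on this page, so I would state that contract beside the call, e.g. `/* set_eugid() leaves the real uid/gid alone, so this restores master's own IDs */`. The comment should also say whether a failure of either call is fatal, since continuing with the wrong effective IDs (postfix for later work, or root for the FIFO open) would silently undo the countermeasure. Small: "het got" in the new comment should read "he got". master_wakeup_timer_event() starts and ends outside these hunks.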


@@ -21,10 +21,36 @@ $(PROG): $(OBJS) $(LIBS)
Makefile: Makefile.in Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
test: $(TESTPROG)
update: ../../bin/$(PROG) update: ../../bin/$(PROG)
test: test1 test2
test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \
done
rm -f map.in.db
test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref
./$(PROG) map.in
for key in abc ghi; \
do \
echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \
done
rm -f map.in.db
../../bin/$(PROG): $(PROG) ../../bin/$(PROG): $(PROG)
cp $(PROG) ../../bin cp $(PROG) ../../bin
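Review bot: A mismatch on the first key of `for key in abc ghi` does not fail the target, because the loop's exit status is that of the last `diff` only, unless the make in use runs recipes under `sh -e`. The same loop shape is repeated in test2 and in both test targets of the second Makefile.in section further down. Ending the loop body with `... | diff map-$${key}1.ref - || exit 1; \` makes every key count regardless of the make implementation. `rm -f map.in.db` is also skipped when an earlier recipe line fails, and unlike the later section, the lines shown here do not add map.in.db to a clean rule.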


@@ -0,0 +1 @@
DEF


@@ -0,0 +1 @@
ABC: DEF


@@ -0,0 +1 @@
DEF


@@ -0,0 +1 @@
abc: DEF


@@ -0,0 +1 @@
jkl


@@ -0,0 +1 @@
ghi: jkl


@@ -0,0 +1,2 @@
ABC: DEF
ghi: jkl


@@ -21,13 +21,39 @@ $(PROG): $(OBJS) $(LIBS)
Makefile: Makefile.in Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
test: $(TESTPROG)
update: ../../bin/$(PROG) update: ../../bin/$(PROG)
../../bin/$(PROG): $(PROG) ../../bin/$(PROG): $(PROG)
cp $(PROG) ../../bin cp $(PROG) ../../bin
test: test1 test2
test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \
done
rm -f map.in.db
test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref
./$(PROG) map.in
for key in abc ghi; \
do \
echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \
done
./$(PROG) -f map.in
for key in ABC; \
do \
echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \
done
rm -f map.in.db
printfck: $(OBJS) $(PROG) printfck: $(OBJS) $(PROG)
rm -rf printfck rm -rf printfck
mkdir printfck mkdir printfck
@@ -39,7 +65,7 @@ lint:
lint $(DEFS) $(SRCS) $(LINTFIX) lint $(DEFS) $(SRCS) $(LINTFIX)
clean: clean:
rm -f *.o *core $(PROG) $(TESTPROG) junk rm -f *.o *core $(PROG) $(TESTPROG) junk map.in.db
rm -rf printfck rm -rf printfck
tidy: clean tidy: clean


@@ -0,0 +1 @@
DEF


@@ -0,0 +1 @@
ABC DEF


@@ -0,0 +1 @@
DEF


@@ -0,0 +1 @@
abc DEF


@@ -0,0 +1 @@
jkl


@@ -0,0 +1 @@
ghi jkl


@@ -0,0 +1,2 @@
ABC DEF
ghi jkl


@@ -65,6 +65,9 @@
/* .IP \fB-I\fR /* .IP \fB-I\fR
/* Initialize alias database. See the \fBnewaliases\fR /* Initialize alias database. See the \fBnewaliases\fR
/* command above. /* command above.
/* .IP "\fB-L \fIlabel\fR (ignored)"
/* The logging label. Use the \fBsyslog_name\fR configuration
/* parameter instead.
/* .IP "\fB-N \fIdsn\fR (ignored)" /* .IP "\fB-N \fIdsn\fR (ignored)"
/* Delivery status notification control. Currently, Postfix does /* Delivery status notification control. Currently, Postfix does
/* not implement \fBDSN\fR. /* not implement \fBDSN\fR.
@@ -860,7 +863,7 @@ int main(int argc, char **argv)
optind++; optind++;
continue; continue;
} }
if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0) if ((c = GETOPT(argc, argv, "B:C:F:GIL:N:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0)
break; break;
switch (c) { switch (c) {
default: default:
@@ -869,20 +872,12 @@ int main(int argc, char **argv)
break; break;
case 'n': case 'n':
fatal_error(EX_USAGE, "-%c option not supported", c); fatal_error(EX_USAGE, "-%c option not supported", c);
case 'B': /* body type */
break;
case 'F': /* full name */ case 'F': /* full name */
full_name = optarg; full_name = optarg;
break; break;
case 'G': /* gateway submission */
break;
case 'I': /* newaliases */ case 'I': /* newaliases */
mode = SM_MODE_NEWALIAS; mode = SM_MODE_NEWALIAS;
break; break;
case 'N': /* DSN */
break;
case 'R': /* DSN */
break;
case 'V': /* VERP */ case 'V': /* VERP */
if (verp_delims_verify(optarg) != 0) if (verp_delims_verify(optarg) != 0)
fatal_error(EX_USAGE, "-V requires two characters from %s", fatal_error(EX_USAGE, "-V requires two characters from %s",
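Review bot: After this change -B, -G, -L, -N and -R have no case label of their own and are handled by whatever `default:` does, whose body lies between the hunks and is not visible here. The removed `/* body type */`, `/* gateway submission */` and `/* DSN */` comments were the only in-code record of why those flags are accepted. I would keep that record on the default branch, e.g. `default: /* accepted and ignored: -B -G -L -N -R */`. If the default branch is also reached for option letters that are not in the GETOPT string, it is worth confirming those are still reported rather than treated like the ignored set. main() starts and ends outside these hunks.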


@@ -690,6 +690,10 @@ fifo_trigger.o: fifo_trigger.c
fifo_trigger.o: sys_defs.h fifo_trigger.o: sys_defs.h
fifo_trigger.o: msg.h fifo_trigger.o: msg.h
fifo_trigger.o: iostuff.h fifo_trigger.o: iostuff.h
fifo_trigger.o: safe_open.h
fifo_trigger.o: vstream.h
fifo_trigger.o: vbuf.h
fifo_trigger.o: vstring.h
fifo_trigger.o: trigger.h fifo_trigger.o: trigger.h
file_limit.o: file_limit.c file_limit.o: file_limit.c
file_limit.o: sys_defs.h file_limit.o: sys_defs.h


@@ -49,6 +49,7 @@
#include <msg.h> #include <msg.h>
#include <iostuff.h> #include <iostuff.h>
#include <safe_open.h>
#include <trigger.h> #include <trigger.h>
/* fifo_trigger - wakeup fifo server */ /* fifo_trigger - wakeup fifo server */
@@ -56,18 +57,23 @@
int fifo_trigger(const char *service, const char *buf, int len, int timeout) int fifo_trigger(const char *service, const char *buf, int len, int timeout)
{ {
char *myname = "fifo_trigger"; char *myname = "fifo_trigger";
VSTREAM *fp;
int fd; int fd;
/* /*
* Write the request to the service fifo. According to POSIX, the open * Write the request to the service fifo. According to POSIX, the open
* shall always return immediately, and shall return an error when no * shall always return immediately, and shall return an error when no
* process is reading from the FIFO. * process is reading from the FIFO.
*
* Use safe_open() so that we don't follow arbitrary symlinks.
*/ */
if ((fd = open(service, O_WRONLY | O_NONBLOCK, 0)) < 0) { if ((fp = safe_open(service, O_WRONLY | O_NONBLOCK, 0,
(struct stat *) 0, -1, -1, (VSTRING *) 0)) == 0) {
if (msg_verbose) if (msg_verbose)
msg_info("%s: open %s: %m", myname, service); msg_info("%s: open %s: %m", myname, service);
return (-1); return (-1);
} }
fd = vstream_fileno(fp);
/* /*
* Write the request... * Write the request...
@@ -80,7 +86,7 @@ int fifo_trigger(const char *service, const char *buf, int len, int timeout)
/* /*
* Disconnect. * Disconnect.
*/ */
if (close(fd)) if (vstream_fclose(fp))
if (msg_verbose) if (msg_verbose)
msg_warn("%s: close %s: %m", myname, service); msg_warn("%s: close %s: %m", myname, service);
return (0); return (0);
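Review bot: The safe_open() call in fifo_trigger() passes `(VSTRING *) 0` as its last argument, so any reason text safe_open() produces when it refuses a path is discarded. The verbose log still prints `%m`, which may not describe a refusal that is a policy decision rather than a system call error. safe_open()'s body is not on this page; if it formats its reason into that argument unconditionally, the null pointer would be dereferenced on exactly the error path this hardening adds, so that needs confirming either way. Passing a real buffer and logging it gives operators the refusal reason, which is the useful signal if the postfix account has been tampered with; vstring.h is already listed for fifo_trigger.o in the Makefile hunk above. The function's closing brace is outside the last hunk.

```c
    static VSTRING *why;		/* refusal reason from safe_open() */

    /* … unchanged: myname, fp, fd declarations and the POSIX comment … */
    if (why == 0)
	why = vstring_alloc(1);
    if ((fp = safe_open(service, O_WRONLY | O_NONBLOCK, 0,
			(struct stat *) 0, -1, -1, why)) == 0) {
	if (msg_verbose)
	    msg_info("%s: open %s: %s", myname, service, vstring_str(why));
	return (-1);
    }
    /* … unchanged: fd = vstream_fileno(fp), write, vstream_fclose … */
```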