[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[postfix-jp: 3120] Postfix local privilege escalation via hardlinked symlinks



こんにちは。

Postfix local privilege escalation via hardlinked symlinksという件名の
メールがPostfix announceに出ていましたが、既に2.5.4がリリースされてい
るようです。

各Linuxのディストリビューション用の修正も大体は出ているようですが、
Postfix announceのメールではWietse氏、何か怒ってるような文面にも見えま
した。(以下で省いた部分も含めてですが。)

(シンボリック・リンク自体のハードリンクを作って、何か嬉しいことってあ
るんだろうか?)

-- 
神戸 隆博 / Takahiro Kambe 


Message-Id: <20080814120528.AE0611F3EA0@xxxxxxxxxxxxxxxxxxx>
Subject: Postfix local privilege escalation via hardlinked symlinks
Date: Thu, 14 Aug 2008 08:05:28 -0400 (EDT)
From: wietse@xxxxxxxxxxxxx (Wietse Venema)
To: Postfix announce <postfix-announce@xxxxxxxxxxx>
CC: Postfix users <postfix-users@xxxxxxxxxxx>
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
Precedence: bulk
Delivered-To: postfix-announce-outgoing@xxxxxxxxxx
X-Virus-Scanned: amavisd-new at cloud9.net
X-Virus-Scanned: amavisd-new at cloud9.net
X-Time-Zone:  USA EST, 6 hours behind central European time
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII

Summary: Solaris and Linux file system behavior has changed over
time, breaking one of the assumptions in Postfix. See below for a
description of the behavior and how it disagrees with standards.

Postfix is not affected on systems with standard (POSIX, X/Open)
file system behavior, i.e. *BSD, AIX, MacOS, HP-UX, and very old
Sun/Linux systems.  The fix and workarounds are simple.

There are efforts to get the non-standard behavior approved by
standards (a function called llink). Today's fix for Solaris, Linux
etc. also makes Postfix future-proof for such changes.

	Wietse

1. Postfix local privilege escalation via hardlinked symlinks
=============================================================
...

_______________________________________________
Postfix-jp-list mailing list
Postfix-jp-list@xxxxxxxxxxxxxxxxxxxx
http://lists.sourceforge.jp/mailman/listinfo/postfix-jp-list

Follow-Ups
[postfix-jp: 3121] Re: Postfix local privilege escalation via hardlinked symlinks, "(株)ネットフォレスト 植田裕之"

[検索ページ] [Postfix-JP ML Home]