Re: Claimed Postfix Vulnerabilities

From: der Mouse (mouseat_private)
Date: Mon Dec 21 1998 - 12:38:51 PST

Next message: Entropy: "Fwd: Re: 3com"

Previous message: Aviram Jenik: "AOL client uses IP tunneling"
Maybe in reply to: Wietse Venema: "Claimed Postfix Vulnerabilities"
Next in thread: bobk: "Re: Claimed Postfix Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 4 - Claim: a local user can make hard links to Postfix maildrop
>     queue files and thus prevent mail from being delivered.

>     Response: the mail will be delivered.  When a queue file has
>     more than one hard link, Postfix deletes the hard link, and
>     logs a warning.  When the hard link count reaches 1, Postfix
>     delivers the mail.

This sounds as though the claim is actually true.  Notice that the
malicious-user-created hardlink does not have to be in the Postfix
queue directory; it can be in any directory that user can write to on
that filesystem.  Postfix will then discard (and gripe about) all the
hardlinks in its queue directory.  (The user can then blow away the
created link(s) and the mail will silently vanish, without, as far as I
can tell, any way to trace after the fact who did it.)

                                        der Mouse

                               mouseat_private
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Next message: Entropy: "Fwd: Re: 3com"
Previous message: Aviram Jenik: "AOL client uses IP tunneling"
Maybe in reply to: Wietse Venema: "Claimed Postfix Vulnerabilities"
Next in thread: bobk: "Re: Claimed Postfix Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:25 PDT