Bernstein's posting contains inaccuracies. Rather than boring the reader I will just address a few. If there is sufficient demand I will make the full list available for those who care.

> * The world-writable drop directory was made unreadable. The
>   [Postfix] author called this a ``solution'' and claimed that
>   inode numbers offer 15 bits of randomness. In fact, on almost all
>   UNIX systems today, inode numbers are trivially predictable. This
>   is security through obscurity.

The claim that the non-readable maildrop was offered as a ``solution'' is inaccurate. The non-readable maildrop was offered as a "short-term, interim solution", while a "permanent solution is under development". The announcement is likely to be still on-line. The USENET news Message ID is <75r5q7$a3h$1at_private>.

The claim that Postfix file name randomness is based on inode numbers is inaccurate. The 15 bits of randomness that I referred to are based on the time of day in microseconds, which gives about 15 bits depending on implementation. Now, 15 bits isn't a lot, but this scheme was chosen when queue file names were not meant to be secret.

Before I end this post there is one observation that I would like to share with the reader. In December, Daniel Bernstein posted a message to the qmail mailing list with in the subject: "Anonymous postfix denial of service", describing a variety of local attacks with Bernstein accuracy. By way of response I described a local attack in a posting titled "Anonymous qmail denial of service".

How memory can fail. Daniel Bernstein denies that he attacked Postfix for being subject to a DoS attack, with the following words:

D. J. Bernstein:
> Perry E. Metzger writes:
> > You attacked Postfix for being subject to a DoS attack.
>
> I pointed out that [Postfix] allowed local users to
>
>  * anonymously destroy messages accepted by the MTA from other users;
>  * obtain traffic information that some sites consider private;
>  * on some UNIX variants, charge mail to the wrong user; and
>  * under specialized circumstances, steal unreadable files.
>
> Which of these are you calling a ``denial-of-service attack,'' Perry?

The claim is in the title, Dan: "Anonymous postfix denial of service". You can find it in your own mailing list archive.

        Wietse

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:35 PDT