On Tue, May 13, 2008 at 02:10:45PM +0100, Ben Laurie wrote:

> [Moderator's note: A quick reminder: please use ASCII except if you
> need Unicode to spell your name right. Microsoft's proprietary quote
> marks are not a standard and don't look right on non-Microsoft
> displays. I edited them out of this by hand. --Perry]
>
> Debian have a stunning example of how blindly fixing "problems" pointed
> out by security tools can be disastrous.

Upstream authors can take defensive measures against ill-advised patches
of this sort. For a while, distributions were in the habit of patching
the code that Postfix uses to learn its own hostname. Invariably, they
botched it. The code now reads:

    /* get_hostname - look up my host name */

    const char *get_hostname(void)
    {
        char    namebuf[MAXHOSTNAMELEN + 1];

        /*
         * The gethostname() call is not (or not yet) in ANSI or POSIX, but it is
         * part of the socket interface library. We avoid the more politically-
         * correct uname() routine because that has no portable way of dealing
         * with long (FQDN) hostnames.
         *
         * DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION. IT BREAKS MAILDIR DELIVERY
         * AND OTHER THINGS WHEN THE MACHINE NAME IS NOT FOUND IN /ETC/HOSTS OR
         * CAUSES PROCESSES TO HANG WHEN THE NETWORK IS DISCONNECTED.
         *
         * POSTFIX NO LONGER NEEDS A FULLY QUALIFIED HOSTNAME. INSTEAD POSTFIX WILL
         * USE A DEFAULT DOMAIN NAME "LOCALDOMAIN".
         */
        if (my_host_name == 0) {
            /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
            if (gethostname(namebuf, sizeof(namebuf)) < 0)
                msg_fatal("gethostname: %m");
            namebuf[MAXHOSTNAMELEN] = 0;
            /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
            if (valid_hostname(namebuf, DO_GRIPE) == 0)
                msg_fatal("unable to use my own hostname");
            /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
            my_host_name = mystrdup(namebuf);
        }
        return (my_host_name);
    }

The addition of "/* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */"
every couple of lines appears to have solved the problem: it deliberately
breaks all prior patches (context diff overlaps), and strongly signals
that the code must not be messed with.

--
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
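
Added example, not part of the original message and not Postfix code: a minimal strict hunk matcher in Python showing why a downstream patch written against the sentinel-free text stops applying once the sentinel comments are in place. The sentinel-free `UNGUARDED` text, the hunk and the `qualify_name` call are constructed for illustration, and strict context matching (no patch(1) fuzz) is assumed.

```python
# Added illustration; strict context matching is assumed (no patch(1) fuzz).
SENTINEL = "/* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */"

# Function body as quoted in the message (the long comment block is omitted).
CURRENT = """\
    if (my_host_name == 0) {
        /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
        if (gethostname(namebuf, sizeof(namebuf)) < 0)
            msg_fatal("gethostname: %m");
        namebuf[MAXHOSTNAMELEN] = 0;
        /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
        if (valid_hostname(namebuf, DO_GRIPE) == 0)
            msg_fatal("unable to use my own hostname");
        /* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
        my_host_name = mystrdup(namebuf);
    }
    return (my_host_name);
""".splitlines()

# Constructed "before" text: the same lines with the sentinels stripped.
UNGUARDED = [line for line in CURRENT if line.strip() != SENTINEL]

# Constructed downstream hunk against UNGUARDED: ' ' context, '+' added, '-' removed.
HUNK = [
    (" ", '            msg_fatal("gethostname: %m");'),
    (" ", "        namebuf[MAXHOSTNAMELEN] = 0;"),
    ("+", "        qualify_name(namebuf);  /* hypothetical distro change */"),
    (" ", "        if (valid_hostname(namebuf, DO_GRIPE) == 0)"),
    (" ", '            msg_fatal("unable to use my own hostname");'),
]

def apply_hunk(lines, hunk):
    """Apply one hunk; return the new lines, or None if its context is absent."""
    old = [text for tag, text in hunk if tag in " -"]
    new = [text for tag, text in hunk if tag in " +"]
    for i in range(len(lines) - len(old) + 1):
        if lines[i:i + len(old)] == old:
            return lines[:i] + new + lines[i + len(old):]
    return None  # rejected: someone has to open the file and read it

def sentinel_gap(lines):
    """Longest run of consecutive lines that contains no sentinel comment."""
    longest = run = 0
    for line in lines:
        run = 0 if line.strip() == SENTINEL else run + 1
        longest = max(longest, run)
    return longest
```

A standard unified diff carries three context lines on each side of a change, so the old side of a hunk normally spans more than the three-line gap that `sentinel_gap(CURRENT)` reports and therefore has to cross a sentinel.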