Your message dated Fri, 20 Oct 2017 11:27:02 -0400
with message-id <1985995.9bLyQF9hU9@kitterma-e6430>
and subject line Re: Bug#879200: postmap broken by stable point release
has caused the Debian Bug report #879200,
regarding postmap broken by stable point release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
879200: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879200
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix
Version: 3.1.6-0+deb9u1
Severity: important

Hi!

the most recent postfix update in stable broke postmap on files that are
not in the current directory:

| root@playbox01:~# postmap test/in
| postmap: fatal: open database test/in.db: No such file or directory


More detailed script:
previous version:
} root@playbox01:~# dpkg -s postfix  | grep Version
} Version: 3.1.4-7
} root@playbox01:~# mkdir test
} root@playbox01:~# echo '[email protected] foo:' > test/in
} root@playbox01:~# postmap test/in
} root@playbox01:~# ls -l test
} total 12
} -rw-r--r-- 1 root root    22 Oct 20 11:10 in
} -rw-r--r-- 1 root root 12288 Oct 20 11:10 in.db

current version:
] root@playbox01:~# rm -rf test
] root@playbox01:~# dpkg -s postfix  | grep Version
] Version: 3.1.6-0+deb9u1
] root@playbox01:~# mkdir test
] root@playbox01:~# echo '[email protected] foo:' > test/in
] root@playbox01:~# postmap test/in
] postmap: fatal: open database test/in.db: No such file or directory
] root@playbox01:~#
] root@playbox01:~# ls -l test
] total 4
] -rw-r--r-- 1 root root 22 Oct 20 11:11 in

Note that it still works in the current directory:
] root@playbox01:~# cd test
] root@playbox01:~/test# postmap in
] root@playbox01:~/test# ls -l
] total 12
] -rw-r--r-- 1 root root    22 Oct 20 11:11 in
] -rw-r--r-- 1 root root 12288 Oct 20 11:11 in.db

Cheers,
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

--- End Message ---
--- Begin Message ---
On Friday, October 20, 2017 11:14:54 AM Peter Palfrader wrote:
> Package: postfix
> Version: 3.1.6-0+deb9u1
> Severity: important
> 
> Hi!
> 
> the most recent postfix update in stable broke postmap on files that are
> not in the current directory:

This is not a bug, but a security fix that the Debian Security Team requested 
be fixed in a point release.  Here's the upstream description of the fix:

        Security: Berkeley DB 2 and later try to read settings from
        a file DB_CONFIG in the current directory.  This undocumented
        feature may introduce undisclosed vulnerabilities resulting
        in privilege escalation with Postfix set-gid programs
        (postdrop, postqueue) before they chdir to the Postfix queue
        directory, and with the postmap and postalias commands
        depending on whether the user's current directory is writable
        by other users. This fix does not change Postfix behavior
        for Berkeley DB < 3, but reduces file create performance
        for Berkeley DB 3 .. 4.6.  File: util/dict_db.c.

Note that this only affects Berkeley DB maps, not other types.

Scott K



--- End Message ---
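
A pre-flight check for the condition the upstream note describes, as an added example that is not part of this thread or of Postfix: before running postmap or postalias from a directory, it reports a DB_CONFIG file there and group or world write permission on the directory. The function name `check_map_dir` and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread or from Postfix.
# check_map_dir DIR: print findings, one per line.
# Returns 0 if none, 1 if any, 2 if DIR is not a directory.
check_map_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }

    # Berkeley DB 2 and later look for a settings file named DB_CONFIG in
    # the current directory; flag it even if it is a dangling symlink.
    if [ -e "$dir/DB_CONFIG" ] || [ -L "$dir/DB_CONFIG" ]; then
        echo "db-config-present"
        rc=1
    fi

    # Characters 6 and 9 of the ls mode string are the group and other
    # write bits; either one lets another user create DB_CONFIG here.
    case $(ls -ld -- "$dir" | cut -c6,9) in
        *w*) echo "writable-by-others"; rc=1 ;;
    esac
    return "$rc"
}

# Report on every directory named on the command line.
for d in "$@"; do
    findings=$(check_map_dir "$d") || printf '%s: %s\n' "$d" "$findings"
done
```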
