Patch update concerning the creation of the chroot:
1. Made copying of files other than regular files possible, this
is useful for links and files like /dev/urandom. Directories are
still skipped.
2. Made sure that the postfix user is able to read files in the chroot
that are not group
Update:
I found another issue:
5. Files copied by the init.d script will be world-readable, sometimes
in contrast to the original files.
This a problem for some files that people might want to add to the
chroot, like /etc/sasldb, which has clear-text passwords.
In my updated patch
Regarding issue 5, I forgot to take care of directories in the patch. Fixed
in the attached patch.
Sorry for the mess!
--- postfix-2.5.5-orig/debian/init.d 2008-10-31 13:59:26.0 +0100
+++ postfix-2.5.5/debian/init.d 2008-10-31 14:47:54.0 +0100
@@ -25,6 +25,8 @@
# Defaults -
Package: postfix
Version: 2.5.5-1.1
Severity: normal
Tags: patch
I found some issues in the postfix init.d script regarding the chroot
setup.
1. There are more options in Postfix besides smtp_use_tls and
smtpd_use_tls to enable TLS. In the other cases
/etc/ssl/certs/ca-certificates.crt
4 matches
Mail list logo
