Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 1999-q4

Postfix Archives: Re: [PATCH][FIX][snapshot-19991123] postconf

Re: [PATCH][FIX][snapshot-19991123] postconf -e is sensitive to umask/group settings

Matthias Andree (mandreedosis.uni-dortmund.de)
26 Nov 1999 14:05:15 +0100

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Edgard Castro: "Can postfix do a million ...again?"
Previous message: LaMont Jones: "Re: uses and performance [Q]"
In reply to: Miguel A.L. Paraz: "Re: uses and performance [Q]"

wietseporcupine.org (Wietse Venema) writes:

> Rather than calling chmod it would be a lot simpler to have a
> umask(022) call at the start of the postconf program.
>
> However, I have a comment. If you have a 077 super-user umask you
> will have broken file permissions mor often. I recommend that you
> use 022 instead for root. You can still use 077 for yourself.

I have 022 permissions for root and users usually, my postconf
invokation from inside an ip-up script happened to set umask 077 so as
not to give sensitive information from log files away, und I think,
postconf should not be able to break the system in that case.

Here's the new patch for those who are interested, against snapshot-19991123:

diff -cr snapshot-19991123/HISTORY snapshot-19991123-ma1/HISTORY
*** snapshot-19991123/HISTORY Tue Nov 23 14:00:55 1999
--- snapshot-19991123-ma1/HISTORY Fri Nov 26 14:02:14 1999
***************
*** 3291,3293 ****
--- 3291,3300 ----
  19991122

          Bugfix: missing absolute path in INSTALL.sh broke fresh install.
+
+ 19991126
+
+ Bugfix: postconf -e was sensitive to umask and could thus leave
+ main.cf with 0600 after edit, breaking the entire system.
+ main.cf is now edited with umask 022 (patch by Matthias Andree).
+ File: postconf/postconf.c.
diff -cr snapshot-19991123/postconf/postconf.c snapshot-19991123-ma1/postconf/postconf.c
*** snapshot-19991123/postconf/postconf.c Fri Nov 19 03:29:27 1999
--- snapshot-19991123-ma1/postconf/postconf.c Fri Nov 26 14:03:42 1999
***************
*** 638,643 ****
--- 638,649 ----
      struct stat st;
      int junk;

+ /*
+ * Be sure that replacing the config file is not sensitive to a restrictive
+ * umask setting. main.cf must be world readable.
+ */
+ umask(022);
+
      /*
       * To minimize confusion, make sure that the standard file descriptors
       * are open before opening anything else. XXX Work around for 44BSD where

-- Matthias Andree

Hi! I'm the infamous .signature virus! Copy me into your ~/.signature to help me spread!

Next message: Edgard Castro: "Can postfix do a million ...again?"
Previous message: LaMont Jones: "Re: uses and performance [Q]"
In reply to: Miguel A.L. Paraz: "Re: uses and performance [Q]"

This archive was generated by hypermail 2.0b3 on Fri Nov 26 1999 - 12:03:09 CST