OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Bug/feature in alias handling
From: Tim Bell (bhattrinity.unimelb.edu.au)
Date: Mon Mar 13 2000 - 16:09:58 CST

We have some aliases which are defined like this:

group: :include:/etc/mail/lists/group

and then the file /etc/mail/lists/group contains a comma-separated list
of logins, all on one line, e.g.:

auser,buser,cuser,duser,root

Recently we discovered that some mail to one of these lists had been
sent to the unknown users "ro" and "ot". It turns out that the line in
the included file had grown quite large; the first "o" of "root" was
the 2048th character, and the second "o" was the 2049th. I'm assuming
the line was split because of maximum line buffer considerations.

The bug as I see it is not necessarily the splitting of the line in the
middle of a username, although that could potentially lead to mail
misdirection. If there had been some warning, ideally to stderr when I
run newaliases (postalias), or to syslog, then the problem could be
fixed before any mail is sent to that alias.

I have fixed the silly long lines in our lists which led to the problem,
but I think the addition of a suitable warning in postfix would also
be useful.

Regards,

Tim. 

-- 
Tim Bell - bhattrinity.unimelb.edu.au - System Administrator & Programmer
    Trinity College, Royal Parade, Parkville, Victoria, 3052, Australia