artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a3c5baa) | patch
turn our local enqueuer setgid _smtpq and restrict access to offline queue,
authorgilles <gilles@openbsd.org>
Fri, 9 Oct 2015 14:37:38 +0000 (14:37 +0000)
committergilles <gilles@openbsd.org>
Fri, 9 Oct 2015 14:37:38 +0000 (14:37 +0000)
commit8351d18b7f05448e5b0f3db78cda27c47849c49e
tree342a3ed51e00b341446b60a264002b3b0ea50ed3tree | snapshot
parenta3c5baad4f4588dae00d6ade993b194a26959ef5commit | diff
turn our local enqueuer setgid _smtpq and restrict access to offline queue,
the enqueuer will revoke group and regain real gid right after mkstemp.

this would have prevented the symlink/hardlink attacks against offline, and
it will avoid having to deal with new ways users can mess with it.

ok eric@, ok millert@
usr.sbin/smtpd/enqueue.c diff | blob | history
usr.sbin/smtpd/queue_backend.c diff | blob | history
usr.sbin/smtpd/smtpctl.c diff | blob | history
usr.sbin/smtpd/smtpctl/Makefile diff | blob | history
usr.sbin/smtpd/smtpd-defines.h diff | blob | history
usr.sbin/smtpd/smtpd.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim