Control: reopen -1

On Fri, 20 Oct 2017, Debian Bug Tracking System wrote:

> > the most recent postfix update in stable broke postmap on files that are
> > not in the current directory:
>
> This is not a bug, but a security fix that the Debian Security Team requested
> be fixed in a point release. Here's the upstream description of the fix:
>
>     Security: Berkeley DB 2 and later try to read settings from
>     a file DB_CONFIG in the current directory. This undocumented
>     feature may introduce undisclosed vulnerabilities resulting
>     in privilege escalation with Postfix set-gid programs
>     (postdrop, postqueue) before they chdir to the Postfix queue
>     directory, and with the postmap and postalias commands
>     depending on whether the user's current directory is writable
>     by other users. This fix does not change Postfix behavior
>     for Berkeley DB < 3, but reduces file create performance
>     for Berkeley DB 3 .. 4.6. File: util/dict_db.c.
>
> Note that this only affects Berkeley DB maps, not other types.

That change of behaviour is nowhere in that description. Are you sure that you
want the behaviour to change from

    postmap <file>

working to only working for

    postmap <file that is either in . or that is given with a full path>

and breaking and providing a wrong and confusing error message to

    postmap <file with relative path not in .>

This is neither covered in the changelog (which only talks about DB_CONFIG
files), nor would I argue this is an intended consequence.

Can we get some input from the security team what their goal was?

Cheers,

> From: Peter Palfrader <wea...@debian.org>
> Subject: postmap broken by stable point release
> To: Debian Bug Tracking System <sub...@bugs.debian.org>
> Date: Fri, 20 Oct 2017 11:14:54 +0000
> Message-ID: <20171020111454.zr4mjh6x2qw6b...@sarek.noreply.org>
>
> Package: postfix
> Version: 3.1.6-0+deb9u1
> Severity: important
>
> Hi!
>
> the most recent postfix update in stable broke postmap on files that are
> not in the current directory:
>
> | root@playbox01:~# postmap test/in
> | postmap: fatal: open database test/in.db: No such file or directory
>
>
> More detailed script:
>
> previous version:
>
> } root@playbox01:~# dpkg -s postfix | grep Version
> } Version: 3.1.4-7
> } root@playbox01:~# mkdir test
> } root@playbox01:~# echo 't...@example.com foo:' > test/in
> } root@playbox01:~# postmap test/in
> } root@playbox01:~# ls -l test
> } total 12
> } -rw-r--r-- 1 root root    22 Oct 20 11:10 in
> } -rw-r--r-- 1 root root 12288 Oct 20 11:10 in.db
>
> current version:
>
> ] root@playbox01:~# rm -rf test
> ] root@playbox01:~# dpkg -s postfix | grep Version
> ] Version: 3.1.6-0+deb9u1
> ] root@playbox01:~# mkdir test
> ] root@playbox01:~# echo 't...@example.com foo:' > test/in
> ] root@playbox01:~# postmap test/in
> ] postmap: fatal: open database test/in.db: No such file or directory
> ] root@playbox01:~#
> ] root@playbox01:~# ls -l test
> ] total 4
> ] -rw-r--r-- 1 root root 22 Oct 20 11:11 in
>
> Note that it still works in the current directory:
>
> ] root@playbox01:~# cd test
> ] root@playbox01:~/test# postmap in
> ] root@playbox01:~/test# ls -l
> ] total 12
> ] -rw-r--r-- 1 root root    22 Oct 20 11:11 in
> ] -rw-r--r-- 1 root root 12288 Oct 20 11:11 in.db
>
> Cheers,
> --
>                             |  .''`.  ** Debian **
>       Peter Palfrader       | : :' :      The  universal
>  https://www.palfrader.org/ | `. `'      Operating System
>                             |   `-    https://www.debian.org/

--
                            |  .''`.  ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/