Bugtraq mailing list archives

Re: Claimed Postfix Vulnerabilities

From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Mon, 21 Dec 1998 15:38:51 -0500

4 - Claim: a local user can make hard links to Postfix maildrop
    queue files and thus prevent mail from being delivered.

    Response: the mail will be delivered.  When a queue file has
    more than one hard link, Postfix deletes the hard link, and
    logs a warning.  When the hard link count reaches 1, Postfix
    delivers the mail.


This sounds as though the claim is actually true.  Notice that the
malicious-user-created hardlink does not have to be in the Postfix
queue directory; it can be in any directory that user can write to on
that filesystem.  Postfix will then discard (and gripe about) all the
hardlinks in its queue directory.  (The user can then blow away the
created link(s) and the mail will silently vanish, without, as far as I
can tell, any way to trace after the fact who did it.)

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Claimed Postfix Vulnerabilities Wietse Venema (Dec 21)
- <Possible follow-ups>
- Re: Claimed Postfix Vulnerabilities der Mouse (Dec 21)
- Re: Claimed Postfix Vulnerabilities bobk (Dec 23)