
289809 Re: Dot forward not reading links

  • wimpunk
    Dec 1 12:51 AM
      On Fri, Nov 30, 2012 at 11:41 PM, Wietse Venema <wietse@...> wrote:
      > wimpunk:
      >> On Fri, Nov 30, 2012 at 11:10 PM, Wietse Venema <wietse@...> wrote:
      >> > wimpunk:
      >> >> Hi,
      >> >>
      >> >> I've been wondering why my .forward files didn't work like I
      >> >> expected and finally I found out dotforward doesn't accept linked
      >> >> files. Is there any reason why dotforward doesn't read links? In
      >> >> src/local/dotforward.c (line 232 of the latest debian version) I wanted
      >> >> to change
      >> >
      >> > What if the symlink points to /dev/zero or /dev/random?
      >> >
      >> > Wietse
      >> It would fail because the file would be world writable.
      > Right, and your point is that all malicious symlinks under all
      > users' home directories will always resolve to a world-writable
      > file, so I should not have to worry about such things.
      > Wietse

      No, my point is that if it would point to /dev/zero or /dev/random, it
      would fail because the file is world writable.

      If you want to check on malicious links, postfix could verify if the
      link it points to is a file with the correct features.
      I believe there is no need for such a check. If you're afraid of
      malicious files, you'd better just disable the userforward feature.
      People could write their own malicious files. There is actually not
      that much difference between doing a cp or doing a ln, or at least not
      from my point of view. I'm pretty much interested in what you
      consider as a malicious file and why it should be considered as a much
      bigger risk than using the normal dotforward files.

      The reason I searched for this is because I just wanted to make my own
      management easier. I had a .forward+a file which filtered the mail to
      a specific folder in my mailbox. Because I wanted the mail sent to
      ${user}+b and ${user}+c handled the same way, I created links named
      .forward+b and .forward+c which pointed to .forward+a but, as we know,
      it didn't work.
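
The check discussed in this message (follow the link, then verify that what it points to is a file "with the correct features"), sketched in C as an added example that is not part of the original thread and is not Postfix's code. `open_forward_target` and `demo_link_accepted` are hypothetical names, and the acceptance rules (regular file, owned by the recipient, not group- or world-writable) are assumptions chosen for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Postfix code): follow the link, then vet what
 * was actually opened. Returns an fd, or -1 if the target is unacceptable. */
int open_forward_target(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NONBLOCK: never hang on a FIFO or device behind the link. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the name, so the object checked is the
     * object read even if the link is swapped afterwards. */
    if (fstat(fd, &st) < 0
        || !S_ISREG(st.st_mode)                  /* /dev/zero, /dev/random */
        || st.st_uid != owner                    /* someone else's file */
        || (st.st_mode & (S_IWGRP | S_IWOTH))) { /* group/world writable */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: create .forward+a with `mode` in a temp directory, link
 * .forward+b to `target` (NULL = .forward+a); 1 if the link is accepted. */
int demo_link_accepted(const char *target, mode_t mode)
{
    char dir[] = "/tmp/fwdXXXXXX", a[64], b[64];
    int fd, ok = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(a, sizeof a, "%s/.forward+a", dir);
    snprintf(b, sizeof b, "%s/.forward+b", dir);
    if ((fd = open(a, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0) {
        close(fd);
        if (chmod(a, mode) == 0 && symlink(target ? target : a, b) == 0) {
            ok = (fd = open_forward_target(b, getuid())) >= 0;
            if (ok)
                close(fd);
        }
    }
    unlink(b); unlink(a); rmdir(dir);
    return ok;
}
```

Checking the opened descriptor rather than the link name means a link to a device node is refused on file type alone, independent of its permission bits.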

