[8760] in bugtraq
Re: Claimed Postfix Vulnerabilities
daemon@ATHENA.MIT.EDU (der Mouse)
Mon Dec 21 23:38:21 1998
Date: Mon, 21 Dec 1998 15:38:51 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@NETSPACE.ORG
> 4 - Claim: a local user can make hard links to Postfix maildrop
> queue files and thus prevent mail from being delivered.
> Response: the mail will be delivered. When a queue file has
> more than one hard link, Postfix deletes the hard link, and
> logs a warning. When the hard link count reaches 1, Postfix
> delivers the mail.
This sounds as though the claim is actually true. Notice that the
malicious-user-created hardlink does not have to be in the Postfix
queue directory; it can be in any directory that user can write to on
that filesystem. Postfix will then discard (and gripe about) all the
hardlinks in its queue directory. (The user can then blow away the
created link(s) and the mail will silently vanish, without, as far as I
can tell, any way to trace after the fact who did it.)
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
