[exim] Side effect of the fix for CVE-2010-2023

Top Page
Delete this message
Reply to this message
Author: Dr Andrew C Aitchison
Date:  
To: exim-users
Subject: [exim] Side effect of the fix for CVE-2010-2023

The fix for CVE-2010-2023 disables delivery to files with more
than one link (or fewer?).
For a shared mail directory this is clearly a good thing.

However I have been bitten by this when my .forward file requests
a message be saved to a multiply linked file in my personal mail
directory.

I often have multiple names for a mail folder (though more for
use from my MUA than from my .forward) and appendfile doesn't
allow delivery to a symbolic link (at least by default - there is
the private option allow_symlink). With this change it doesn't deliver
to a hard-linked folder either, which means that the user has to
specify the unique real name of a folder in any .forward file.

Is there a case for a patch to allow delivery to multiply-linked
folders when the permissions on the parent directory preclude
the possibly of the attack in CVE-2010-2023 ?
I presume that all of the sticky bits, plus group and other write
bits clear would be sufficient ?
(At least on systems which forbid hardlinked directories
I think we are safe to assume that the parent directory is the
one that could be vunerable to attack ?)

-- 
Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna