[pkg-fetchmail-maint] Bug#452907: .fetchmailrc not permitted to be a symlink
Nico Golde
nion at debian.org
Mon Nov 26 12:16:04 UTC 2007
Hi Roger,
* Roger Leigh <rleigh at debian.org> [2007-11-26 12:01]:
> % fetchmail
> File /home/rleigh/.fetchmailrc must be a regular file.
>
> % pwd
> /home/rleigh
>
> % ls -l /home/rleigh/.fetchmailrc
> lrwxrwxrwx 1 rleigh rleigh 15 2007-11-25 17:14 /home/rleigh/.fetchmailrc -> etc/fetchmailrc
>
> % ls -l /home/rleigh/etc/fetchmailrc
> -rw------- 1 rleigh rleigh 1057 2005-05-29 13:12 /home/rleigh/etc/fetchmailrc
>
> I keep all my "dotfiles" in /home/rleigh/etc under revision control
> (git) to allow synchronisation between different systems. There's
> no reason why a symlink shouldn't be allowed here (though
> pipe/device/socket devices etc. are legitimately not useful).
>
>
> If this could be fixed and/or forwarded upstream if appropriate, that
> would be super.
I had a short conversation about this with upstream. I
could patch this with:
--- rcfile_y.y 2007-11-26 13:08:52.000000000 +0100
+++ rcfile_y.y.new 2007-11-26 13:08:50.000000000 +0100
@@ -414,7 +414,7 @@
if (!securecheck) return PS_SUCCESS;
- if (!S_ISREG(statbuf.st_mode))
+ if (!S_ISREG(statbuf.st_mode) || !S_ISLNK(statbuf.st_mode))
{
fprintf(stderr, GT_("File %s must be a regular file.\n"), pathname);
return(PS_IOERR);
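Review bot: the condition on the added line, !S_ISREG(statbuf.st_mode) || !S_ISLNK(statbuf.st_mode), is true for every file, because no mode is both a regular file and a symlink, so the error branch would now reject plain regular files too. Accepting either type needs && between the two tests. The context line's message "File %s must be a regular file." would also need rewording if symlinks are accepted, and nothing in the hunk shows the link's target being checked for type, which is the object the later uid and permission checks have to apply to.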
But this could introduce some race condition with permission or uid
checks. This behaviour also prevents symlink attacks :)
So we suggest working around this by either adding a hardlink (if this works with git internals)
or executing -f - <"${HOME}/.fetchmailrc".
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
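
The race condition mentioned in the mail goes away when the file is opened first and the type, owner and permission checks are made on the open descriptor. The sketch below is an added example, not part of the original mail and not fetchmail code; open_rcfile_checked(), the owner-only permission policy and the temporary file names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not fetchmail code): returns an open fd or -1.
 * Assumed policy: regular file, owned by us, no group/other permission bits. */
int open_rcfile_checked(const char *pathname, int allow_symlink)
{
    struct stat st;
    /* O_NONBLOCK: never hang on a FIFO; O_NOFOLLOW: refuse a final symlink */
    int flags = O_RDONLY | O_NOCTTY | O_NONBLOCK | (allow_symlink ? 0 : O_NOFOLLOW);
    int fd = open(pathname, flags);
    if (fd < 0) return -1;
    /* fstat() describes the inode behind fd, so the path cannot be swapped
     * between these checks and the later read from the same descriptor. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed sample: rc (0600), link -> rc, loose (0640) in a temp dir.
 * Returns one bit per accepted case, in the order of p[] below. */
int demo_cases(void)
{
    char dir[] = "/tmp/rcdemoXXXXXX", path[3][64];
    const char *name[3] = { "rc", "link", "loose" };
    int follow[4] = { 0, 0, 1, 0 }, accepted = 0;
    if (!mkdtemp(dir)) return -1;
    for (int i = 0; i < 3; i++)
        snprintf(path[i], sizeof path[i], "%s/%s", dir, name[i]);
    close(open(path[0], O_CREAT | O_WRONLY, 0600));
    close(open(path[2], O_CREAT | O_WRONLY, 0600));
    if (chmod(path[2], 0640) != 0 || symlink("rc", path[1]) != 0) return -1;
    const char *p[4] = { path[0], path[1], path[1], path[2] };
    for (int i = 0; i < 4; i++) {
        int fd = open_rcfile_checked(p[i], follow[i]);
        if (fd >= 0) { accepted |= 1 << i; close(fd); }
    }
    for (int i = 0; i < 3; i++) unlink(path[i]);
    rmdir(dir);
    return accepted;   /* bit 0: rc, bit 2: link when following is allowed */
}
int main(void) { printf("accepted mask: %d\n", demo_cases()); return 0; }
```

With allow_symlink set, the checks still bind to the link's target, since that is the inode the descriptor refers to.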