misc/85200: db write part of /etc/spwd.db in any new .db file
Kris Kennaway
kris at obsecurity.org
Wed Sep 21 07:00:33 UTC 2005
The following reply was made to PR ports/85200; it has been noted by GNATS.
From: Kris Kennaway <kris at obsecurity.org>
To: Den Ivanov <dsdiv at vladnet.ru>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/85200: db write part of /etc/spwd.db in any new .db file
Date: Wed, 21 Sep 2005 02:59:45 -0400
--EY/WZ/HvNxOox07X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Aug 22, 2005 at 04:48:48AM +0000, Den Ivanov wrote:
>=20
> >Number: 85200
> >Category: misc
> >Synopsis: db write part of /etc/spwd.db in any new .db file
> >Confidential: no
> >Severity: critical
> >Priority: high
> >Responsible: freebsd-bugs
> >State: open
> >Quarter: =20
> >Keywords: =20
> >Date-Required:
> >Class: sw-bug
> >Submitter-Id: current-users
> >Arrival-Date: Mon Aug 22 04:50:13 GMT 2005
> >Closed-Date:
> >Last-Modified:
> >Originator: Den Ivanov
> >Release: 5.4-STABLE
> >Organization:
> Vladnet
> >Environment:
> FreeBSD web2.vladnet.ru 5.4-STABLE FreeBSD 5.4-STABLE #0: Mon Jul 25 04:2=
4:03 GMT 2005 div at web2.vladnet.ru:/var/cvsup/src/STABLE_5/obj/var/cvsup=
/src/STABLE_5/src/sys/WEB i386
> >Description:
> with 'postmap' utility from 'postfix', any user in system may get part of=
/etc/spwd.db
> >How-To-Repeat:
> #echo "1 2" >12
> #postmap 12
> and see 12.db
> in my case, this 64kb file contain most user:passwords pairs from spwd.db
This sounds like a postmap bug that should be taken up with the postfix dev=
elopers instead.
Kris
--EY/WZ/HvNxOox07X
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDMQTgWry0BWjoQKURAthuAJ0YIR6IewT5P7OZazhWM/KpPjVEuQCZAc/5
h21mwF9ngZKF4WOt2cCC6tA=
=ISww
-----END PGP SIGNATURE-----
--EY/WZ/HvNxOox07X--
More information about the freebsd-ports-bugs
mailing list