Date: Sun, 10 May 2015 02:08:19 -0700
From: David Benfell <benfell@parts-unknown.org>
To: freebsd-questions@freebsd.org
Subject: Re: Postfix vulnarebility wrongly reported by pkg audit?
Message-ID: <20150510020819.Horde.eC28WWwjJ0tJo9WbqQ-sno0@mail.parts-unknown.org>
In-Reply-To: <20150510080130.GC2534@vps.markoturk.info>

Quoting Marko Turk <markoml@markoturk.info>:

> today my postfix-2.11.4,1 was marked as vulnerable by the pkg audit
> tool. But, when I go to the web pages the tool outputs it says that my
> version of postfix is not vulnerable (and that these vulnerabilities are
> from 2011).

If I understood correctly, the problem is with the ownership of
/var/db/postfix. But to be honest, I don't see how it's in fact a
vulnerability. The complaint is that the ownership is set to root
rather than postfix.

When I look at my instance, I see:

    [benfell@home ~]% ls -ald /var/db/postfix
    drwx------  2 postfix  wheel  512 Apr 16 01:07 /var/db/postfix

Now, I can see how root ownership might prevent postfix from working.
Not how it's a vulnerability. And it seems that at least on my
instance, it is correctly set, anyhow. So I'm just confused.

-- 
David Benfell <benfell@parts-unknown.org>