Date: Sun, 10 May 2015 02:08:19 -0700
From: David Benfell <benfell@parts-unknown.org>
To: freebsd-questions@freebsd.org
Subject: Re: Postfix vulnarebility wrongly reported by pkg audit?
Message-ID: <20150510020819.Horde.eC28WWwjJ0tJo9WbqQ-sno0@mail.parts-unknown.org>
In-Reply-To: <20150510080130.GC2534@vps.markoturk.info>

Quoting Marko Turk <markoml@markoturk.info>:

>
> today my postfix-2.11.4,1 was marked as vulnerable by the pkg audit
> tool. But, when I go to the web pages the tool outputs it says that my
> version of postfix is not vulnerable (and that these vulnerabilities are
> from 2011).

If I understood correctly, the problem is with the ownership of
/var/db/postfix. But to be honest, I don't see how it's in fact a
vulnerability. The complaint is that the ownership is set to root
rather than postfix. When I look at my instance, I see:

[benfell@home ~]% ls -ald /var/db/postfix
drwx------  2 postfix  wheel  512 Apr 16 01:07 /var/db/postfix

Now, I can see how root ownership might prevent postfix from working.
Not how it's a vulnerability. And it seems that at least on my
instance, it is correctly set, anyhow.

So I'm just confused.

--
David Benfell <benfell@parts-unknown.org>
