On Tue, Jul 15, 2003 at 12:36:05PM -0400, John Simpson wrote:
> the current version of the SMTP-AUTH patch contains a serious bug which can
> accidentally allow somebody who forgets one or more of the command line
> parameters to start running an open relay by accident. it has been reported
> in several places over the last week, including this message on the qmail
> mailing list:

A possible configuration problem is NOT a reason to disallow legitimate configurations or to enforce the use of useless dummy arguments, and unless you are going to invent some kind of artificial intelligence inside tools or installers using checkpassword I request that you stop this.

While the usual usage of checkpassword is something like this

    tcpserver host port prog1 [args] checkpassword prog2 [args]

there is no reason why one has to call it that way. One may replace the part starting from "checkpassword" by a wrapper (this may be especially handy to add logging, to try more than one checkpassword style program or when one has to use different "tcpserver...prog1" combinations all sharing identical later commandline arguments - I've seen this being used).

Cluttering the commandline with "dummy-argument-for-stupid-patches" or whatever is not going to do any good, is not looking good, and does not add any security at all. In fact, someone stupid enough to patch qmail without understanding the patch and stupid enough to ignore vital parts of its documentation (the examples, at least) is likely to be stupid enough to change the order of checkpassword and /bin/true, too. Are you now going to patch /bin/true to bail out in case it finds commandline arguments?

> http://www.jms1.net/qmail/ has the modified "auth.patch" file available for
> download.

please?

Are you seriously expecting that this:

+ if(argc > 2) + { + hostname = argv[1]; + childargs = argv + 2; + useauth = 1; + }

will work?

Hint: when called "qmail-smtpd HOST CHECKPASSWORD" argc will be 3.
I'd call this a beginner's mistake, but even beginners are supposed to test their code.

> the changes i've made (actually CHECKING argc instead of assuming there will
> be something there) need to be incorporated into the qmail-smtpd-auth patch

I suggest you start "CHECKING" your code.

While I'm at it: Your qmail-1.03-jms1-antispam.patch not only violates the SMTP protocol (replying OK when the mail will definitively not reach the recipient) but does that in case of almost any programming or configuration problem in the filter chain, causing shell/filters to exit with 1. Why the heck did you change exit code 1 from "temporary problem, try again later" to "throw away that mail"? Why do you actually run an SMTP server if your mail is worthless?

Regards, Uwe
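
Review bot: in the quoted hunk, the test "if(argc > 2)" is true for the two-argument call "qmail-smtpd HOST CHECKPASSWORD" (argc is 3), so "childargs = argv + 2" then holds only the checkpassword program with nothing after it, and useauth is still set to 1. If the change is meant to refuse a command line that lacks the program following checkpassword, the test would have to be "argc > 3", which would also refuse the single-wrapper form described in this message. Either way, the rule chosen and what happens when the test fails (not visible in these lines) should be stated in the patch documentation.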