Wietse Venema via Postfix-users:
> Maybe you can solve the root cause: fix the broken permission.
>
> Otherwise, consider running Postfix with an LD_PRELOAD as shown below.
>
> /etc/ld.so.preload:
> /etc/postfix/preload.so
>
> Where preload.so intercepts fopen(), inspects the argument, and
> then calls the real fopen().
This has system-wide impact, i.e. it will affect every (native-code)
program, not just Postfix.
The /etc/postfix/preload.so may not be appropriate for a system-wide
preload.
You may want to test this in a VM first, otherwise you might end
up with an unusable system.
Wietse
> Below is untested preload code. You may also have to redirect
> fopen64.
>
> The code was used in a system to police all libc calls that have a
> pathname argument.
>
> https://www.ndss-symposium.org/ndss2010/where-do-you-want-go-today-escalating-privileges-pathname-manipulation/
>
> Wietse
>
> /* preload.c - build with: cc -fpic -shared -o preload.so preload.c */
>
> #define _GNU_SOURCE		/* for RTLD_NEXT */
> #include <sys/types.h>
> #include <dlfcn.h>
> #include <stdio.h>
> #include <fcntl.h>
> #include <stdarg.h>
> #include <stdlib.h>
> #include <string.h>
>
> static FILE *(*_real_fopen) (const char *, const char *);
>
> /* fopen - redirect "/proc/net/if_inet6" to "/etc/postfix/proc_inet_if_inet6" */
>
> FILE *fopen(const char *path, const char *mode)
> {
>     /* Compare the pathname contents, not the pointer values. */
>     if (path != 0 && strcmp(path, "/proc/net/if_inet6") == 0)
>         path = "/etc/postfix/proc_inet_if_inet6";
>     /* Look up the real fopen() on first use. */
>     if (_real_fopen == 0)
>         _real_fopen = (FILE *(*) (const char *, const char *))
>             dlsym(RTLD_NEXT, "fopen");
>     if (_real_fopen == 0) {
>         perror("dlsym(\"fopen\")");
>         return (0);
>     }
>     return _real_fopen(path, mode);
> }
> _______________________________________________
> Postfix-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
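
Added example (not part of the original message, and not Postfix code): a variant of the preload above that covers the two caveats raised in the thread, the system-wide effect of /etc/ld.so.preload and the possible need to redirect fopen64. It rewrites the path only when /proc/self/exe lies under a Postfix daemon directory; the names map_path, call_real and DAEMON_DIR, and the directory value itself, are assumptions.

```c
/* preload_scoped.c - build: cc -fpic -shared -o preload.so preload_scoped.c */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                     /* for RTLD_NEXT */
#endif
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef RTLD_NEXT                       /* glibc's value, if the macro came too late */
#define RTLD_NEXT ((void *) -1L)
#endif
#define REAL_PATH  "/proc/net/if_inet6"
#define SUBST_PATH "/etc/postfix/proc_inet_if_inet6"
#define DAEMON_DIR "/usr/libexec/postfix/"  /* assumed; check postconf daemon_directory */

/* map_path - redirect REAL_PATH, but only for executables under DAEMON_DIR */
const char *map_path(const char *exe, const char *path)
{
    if (exe == 0 || path == 0
        || strncmp(exe, DAEMON_DIR, sizeof(DAEMON_DIR) - 1) != 0)
        return (path);
    return (strcmp(path, REAL_PATH) == 0 ? SUBST_PATH : path);
}

/* call_real - find the next definition of sym and call it with the mapped path */
static FILE *call_real(const char *sym, const char *path, const char *mode)
{
    FILE *(*real) (const char *, const char *);
    char exe[4096];
    ssize_t len = readlink("/proc/self/exe", exe, sizeof(exe) - 1);

    exe[len > 0 ? len : 0] = 0;         /* empty name: never redirected */
    real = (FILE *(*) (const char *, const char *)) dlsym(RTLD_NEXT, sym);
    return (real ? real(map_path(exe, path), mode) : 0);
}

FILE *fopen(const char *path, const char *mode)
{
    return (call_real("fopen", path, mode));
}

#ifndef fopen64                         /* some libcs define this as a macro */
FILE *fopen64(const char *path, const char *mode)
{
    return (call_real("fopen64", path, mode));
}
#endif
```

The library is still loaded into every dynamically linked process; only the path rewrite is limited to the Postfix daemons.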