debian/patches/70_postfix-check.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

Index: postfix/conf/postfix-script
===================================================================
--- postfix.orig/conf/postfix-script
+++ postfix/conf/postfix-script
@@ -341,9 +341,17 @@ check-warn)
 	find $todo ! -user root \
 	    -exec $WARN not owned by root: {} \;
 
-	find $todo \( -perm -020 -o -perm -002 \) \
+	# Handle symlinks separately
+	find -L $todo \( -perm -020 -o -perm -002 \) \
 	    -exec $WARN group or other writable: {} \;
 
+	find $todo -type l | while read f; do \
+	    # makedefs out known to be a symlink and OK
+	    if [ "$f" != "/etc/postfix/./makedefs.out" ]; then \
+	      readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
+	    fi \
+	done; \
+
 	# Check Postfix mail_owner-owned directory tree owner/permissions.
 
 	find $data_directory/. ! -user $mail_owner \