Getmail

18 November 2004

-documentation updates.
-getmailrc examples file updated. Thanks: Scott Robbins.
-clarify error message when user insecurely tries to deliver mail as GID 0.

11 October 2004

-in child delivery processes, change real as well as effective uid/gid.
Thanks: David Watson.
-handle corrupted oldmail file better. Thanks: Matthias Andree.

8 October 2004

-set message attributes on corrupt container objects to prevent problems
with destinations that expect multidrop-retrieved messages.
Thanks: Harry Wearne.
-move tests for existence of file from mbox destination initialization
to delivery method, and change error from configuration to delivery error.
Thanks: David Watson.

18 September 2004

-SECURITY: previous versions of getmail contain a security vulnerability.
A local attacker with a shell account could exploit a race condition (or a
similar symlink attack) to cause getmail to create or overwrite files in a
directory of the local user's choosing if the system administrator ran getmail
as root and delivered messages to a maildir or mbox file under the control of
the attacker, resulting in a local root exploit. Fixed in versions 4.2.0
and 3.2.5.
This vulnerability is not exploitable if the administrator does not deliver
mail to the maildirs/mbox files of untrusted local users, or if getmail is
configured to use an external unprivileged MDA. This vulnerability is
not remotely exploitable.
Thanks: David Watson. My gratitude to David for his work on finding and
analyzing this problem.
-Now, on Unix-like systems when run as root, getmail forks a child
process and drops privileges before delivering to maildirs or mbox files.
getmail will absolutely refuse to deliver to such destinations as root;
the uid to switch to must be configured in the getmailrc file.
-revert behaviour regarding delivery to non-existent mbox files. Versions
4.0.0 through 4.1.5 would create the mbox file if it did not exist; in
versions 4.2.0 and up, getmail reverts to the v.3 behaviour of refusing
to do so.

13 September 2004

-getmail would not delete messages from the server if it was configured not
to retrieve them and the delete_after directive was not in use (i.e. user
normally left messages on server but occasionally wanted to force-delete
them). Fixed. Thanks: Frankye Fattarelli.

1 September 2004

-change failure of a message filter to produce at least as many mail headers
as it was provided from a non-fatal error to warning. If your filter strips
headers, getmail will now warn you about it, but will not consider it an
error.
-documentation additions.