diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT index 3f7f0fe5..96eac7d4 100644 --- a/CHANGELOG.TXT +++ b/CHANGELOG.TXT @@ -11,6 +11,16 @@ # $Id$ +Version 2.3rc4 - 2009/04/18 - SVN r632 +-------------------------------------- + + - *Security fix* - on upgrade setup.php is restored; allowing a malicious + user to create their own superadmin account. We've removed the requirement to delete + setup.php, and instead a new config parameter (setup_password) is used to protect access + to this page. Password is encrypted, and setup.php can be used to generate the initial value. + - Fix undefined variables problem(s) + - Fix PostgreSQL date timestamp issues... + Version 2.3rc3 - 2009/04/06 - SVN r611 -------------------------------------- diff --git a/DOCUMENTS/UPGRADE.txt b/DOCUMENTS/UPGRADE.txt index a8cc9c64..d1b1768f 100644 --- a/DOCUMENTS/UPGRADE.txt +++ b/DOCUMENTS/UPGRADE.txt @@ -43,7 +43,7 @@ or Make sure that you are in your WWW directory and then unarchive the Postfix Admin archive (whatever the filename is): - $ tar -zxvf postfixadmin-2.2.tgz + $ tar -zxvf postfixadmin-X.X.tgz 3. Change permissions 
@@ -66,28 +66,32 @@ relevant to your setup. Comparing config.inc.php with your previous using "diff" might save you some time. +You can use a config.local.php file to contain your local settings - these will override any +defined in config.inc.php -5. Perform appropriate database upgrades +5. Run setup.php ---------------------------------------- +Access setup.php through a web browser. + +It will attempt to upgrade your database, and also allow you to create a superadmin user. + +From version 2.3, you need to specify a setup_password in config.inc.php - +setup.php should guide you through this process. If you do not have a setup_password, type one +into the form, and setup.php will echo out the hashed value (which needs to go into config.inc.php). +The setup_password removes the requirement for you to delete setup.php, and also closes a security hole. + Since version 2.2 of Postfixadmin, setup.php can perform the needed database updates automatically . -Open setup.php in your browser to update your database scheme. - If you update from 2.1 or older, also create a superadmin account using setup.php. Note that admin/ has been merged into the main directory. Login with the superadmin account to setup domains and domain admins. -6. Delete setup.php -------------------- -Delete setup.php - it allown non-authorized users to create a superadmin -account! - -7. Done +6. Done ------- This is all that is needed. Fire up your browser and go to the site that you specified to host Postfix Admin. diff --git a/INSTALL.TXT b/INSTALL.TXT index 515da89d..49b3c2a8 100644 --- a/INSTALL.TXT +++ b/INSTALL.TXT 
@@ -104,13 +104,12 @@ You should see a list of 'OK' messages. The setup.php script will attempt to create the database structure (or upgrade it if you're coming from a previous version). -Assuming everything is OK you can create the admin user using the form displayed. +Assuming everything is OK you can specify a password (which you'll +need to use setup.php again in the future); when you submit the form, +the hashed value (which you need to enter into config.inc.php is echoed +out - with appropriate instructions on what to do with it). -Once you submit the form, all that's left to do is to delete "setup.php" - -e.g. - -mv setup.php setup.php.disabled +create the admin user using the form displayed. 5. Use PostfixAdmin ------------------- @@ -122,4 +121,7 @@ specified to host Postfix Admin. ------------------- As of March 2007, PostfixAdmin moved to SourceForge. For the forum posts and source updates, see: + https://sourceforge.net/projects/postfixadmin + +There is also #postfixadmin on irc.freenode.net. diff --git a/config.inc.php b/config.inc.php index e69518db..8699ebb9 100644 --- a/config.inc.php +++ b/config.inc.php @@ -31,7 +31,9 @@ if (ereg ("config.inc.php", $_SERVER['PHP_SELF'])) */ $CONF['configured'] = false; -// In order to setup Postfixadmin, you MUST change the password below. +// In order to setup Postfixadmin, you MUST specify a hashed password here. +// To create the hash, visit setup.php in a browser and type a password into the field, +// on submission it will be echoed out to you as a hashed value. $CONF['setup_password'] = 'changeme'; // Postfix Admin Path diff --git a/debian/changelog b/debian/changelog index 4df1e668..818667fd 100644 --- a/debian/changelog +++ b/debian/changelog 
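Review bot: In the config.inc.php hunk the new comment says `$CONF['setup_password']` must hold a hashed value, but the shipped default on the next line is still the literal `'changeme'`, and the comment does not say what setup.php does while that placeholder is in place. This commit drops the "delete setup.php" step from the docs, so this setting is now the only guard on superadmin creation and the comment should spell out the fail-closed expectation, for example `// setup.php must refuse to create admins while this is still 'changeme' or is not a hash it generated.` The setup.php check is not among the lines shown here, so confirm that it rejects the default rather than comparing against it. UPGRADE.txt in this commit says config.local.php overrides these settings, so the comment could also add `// May be set in config.local.php instead, so an upgrade does not overwrite it.`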
@@ -1,3 +1,11 @@ +postfixadmin (2.3rc4) unstable; urgency=low + + * Security fix for setup.php (issue occurs for those upgrading only; where + it's possible for a new admin user to get created by nasty.person) + * SVN revision 632 + + -- David Goodwin Sat, 18 Apr 2009 21:00:00 +0000 + postfixadmin (2.3rc3) unstable; urgency=low * Attempt at fixing Debian build issues (thanks to mez@sourceguru.net) diff --git a/functions.inc.php b/functions.inc.php index 9f858ed1..aa2aa44c 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -22,7 +22,7 @@ if (ereg ("functions.inc.php", $_SERVER['PHP_SELF'])) exit; } -$version = '2.3 rc3'; +$version = '2.3 rc4'; /** * check_session