[Dovecot] Dovecot "deliver" with multiple UIDs (security question)
Timo Sirainen
tss at iki.fi
Mon Jul 12 17:35:13 EEST 2010
On Mon, 2010-07-12 at 00:09 +0300, Buzai Andras wrote:
> dovecot unix - n n - - pipe
> flags=DRhu user=*mysudoeruser* argv=/usr/bin/sudo /usr/lib/dovecot/deliver
> -f ${sender} -d ${recipient}
>
> When you say that:
>
> "Basically the user that calls deliver via sudo has the ability to gain
> root privileges (e.g. by telling deliver to
> load a plugin that execs a shell)."
>
> do you refer to the postfix user or to the user specified in the master.cf file
> (mysudoeruser in my case)?
mysudoeruser (that's who you gave sudo access, right?)
> In my configuration the user "mysudoeruser" is a dedicated user only for
> this action and it is not allowed to login, etc ...
>
> So basically for somebody to gain root access it should compromise the
> "mysudoeruser" dedicated user, right?
Yeah.
> Would you use this setup in a production environment? :)
I guess it's not too bad. But I'd switch to LMTP once you've upgraded to
Dovecot v2.0.
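The two configurations this thread compares, side by side, as an added example that is not part of the original message or of the Dovecot project's documentation. The first fragment is the sudo-wrapped `deliver` pipe transport quoted above, annotated with the risk Timo describes; the second is the LMTP replacement he recommends for Dovecot v2.0, which lets Dovecot's own service switch to each recipient's UID so that no sudo grant to a Postfix-side user is needed. The socket path, the `postfix` user/group, and wiring the transport through `mailbox_transport` are assumptions for this illustration; adapt them to your own layout.

```conf
# --- BEFORE (weak): Postfix master.cf, pipe transport running deliver via sudo ---
# Risk: mysudoeruser has a sudo rule for /usr/lib/dovecot/deliver, so anything
# that can run commands as mysudoeruser can run deliver as root with arguments
# of its choosing. The escalation path lives in the sudo grant, not in Postfix.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mysudoeruser argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

# --- AFTER (Dovecot v2.0 + LMTP): no sudo, no privileged delivery user ---

# Postfix main.cf (assumed: the pipe transport above was selected via
# mailbox_transport; replace that line with the LMTP socket, which is relative
# to queue_directory, normally /var/spool/postfix)
mailbox_transport = lmtp:unix:private/dovecot-lmtp

# Dovecot conf.d/10-master.conf (assumed path): expose an LMTP socket inside the
# Postfix chroot. Only the postfix user may connect (mode 0600), and the UID
# switch per recipient happens inside Dovecot's lmtp service.
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

# Dovecot dovecot.conf: enable the LMTP protocol alongside whatever you already run
protocols = imap pop3 lmtp
```

After switching, remove the `dovecot` pipe entry from master.cf and the corresponding sudoers rule for mysudoeruser; a quick check that the rule is really gone is `sudo -l -U mysudoeruser`, which should no longer list `/usr/lib/dovecot/deliver`.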