[Dovecot] Dovecot "deliver" with multiple UIDs (security question)

Timo Sirainen tss at iki.fi
Mon Jul 12 17:35:13 EEST 2010


On Mon, 2010-07-12 at 00:09 +0300, Buzai Andras wrote:

> dovecot  unix  -       n       n       -       -       pipe
>   flags=DRhu user=*mysudoeruser* argv=/usr/bin/sudo /usr/lib/dovecot/deliver
> -f ${sender} -d ${recipient}
> 
> When you say that:
> *
>  "Basically the user that calls deliver via sudo has the ability to gain
> root privileges (e.g. by telling deliver to
> load a plugin that execs a shell)."*,
> 
> do you refer to the postfix user or to the user specified in the master.cffile (
> *mysudoeruser* in my case)?

mysudoeruser (that's who you gave sudo access, right?)

> In my configuration the user "mysudoeruser" is a dedicated user only for
> this action and it is not allowed to login, etc ...
> 
> So basically for somebody to gain root access it should compromise the
> "mysudoeruser" dedicated user, right?

Yeah.

> Would you use this setup in a production environment? :)

I guess it's not too bad. But I'd switch to LMTP once you've upgraded to
Dovecot v2.0.



More information about the dovecot mailing list