[Dovecot] Dovecot "deliver" with multiple UIDs (security question)

Buzai Andras buzai.andras at gmail.com
Mon Jul 12 23:33:47 EEST 2010


Hi,

I have one more question.
It may sound like a dumb question but I'll ask anyway :).
Since in Dovecot v2.0 LMTP is running as "root", isn't this a security risk
of the same level as running "deliver" with sudo in Dovecot v1.2?

Thank you,

Buzai Andras



On Mon, Jul 12, 2010 at 5:35 PM, Timo Sirainen <tss at iki.fi> wrote:

> On Mon, 2010-07-12 at 00:09 +0300, Buzai Andras wrote:
>
> > dovecot  unix  -       n       n       -       -       pipe
> >   flags=DRhu user=*mysudoeruser* argv=/usr/bin/sudo /usr/lib/dovecot/deliver
> >   -f ${sender} -d ${recipient}
> >
> > When you say that:
> > *"Basically the user that calls deliver via sudo has the ability to gain
> > root privileges (e.g. by telling deliver to
> > load a plugin that execs a shell)."*,
> >
> > do you refer to the postfix user or to the user specified in the
> > master.cf file (*mysudoeruser* in my case)?
>
> mysudoeruser (that's who you gave sudo access, right?)
>
> > In my configuration the user "mysudoeruser" is a dedicated user only for
> > this action and it is not allowed to login, etc ...
> >
> > So basically, for somebody to gain root access they would have to
> > compromise the "mysudoeruser" dedicated user, right?
>
> Yeah.
>
> > Would you use this setup in a production environment? :)
>
> I guess it's not too bad. But I'd switch to LMTP once you've upgraded to
> Dovecot v2.0.
>
>
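
An audit check for the setup discussed in this thread, added here as an example (not part of the original messages and not Dovecot or Postfix code): it reads a Postfix master.cf, joins continuation lines, and reports pipe services whose argv runs sudo, together with the user= account that then has to be protected like root. The sample file is constructed and the function names are hypothetical.

```python
# Constructed sample in the shape of the master.cf entry quoted in the thread.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mysudoeruser argv=/usr/bin/sudo /usr/lib/dovecot/deliver
  -f ${sender} -d ${recipient}
lmtp      unix  -       -       n       -       -       lmtp
"""

def logical_lines(text):
    """Join master.cf continuation lines (a line starting with whitespace
    continues the previous logical line); skip blanks and comments."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def sudo_pipe_services(text):
    """Return (service, user, argv) for pipe services whose argv runs sudo."""
    findings = []
    for line in logical_lines(text):
        fields = line.split()
        # Eight fixed columns; the command name is the eighth.
        if len(fields) < 8 or fields[7] != "pipe":
            continue
        args = fields[8:]
        user = next((a.split("=", 1)[1] for a in args if a.startswith("user=")), None)
        idx = next((i for i, a in enumerate(args) if a.startswith("argv=")), None)
        if idx is None:
            continue
        # argv= takes the rest of the logical line as the command and its arguments.
        argv = [args[idx][len("argv="):]] + args[idx + 1:]
        if argv[0].rsplit("/", 1)[-1] == "sudo":
            findings.append((fields[0], user, argv))
    return findings

if __name__ == "__main__":
    for service, user, argv in sudo_pipe_services(SAMPLE_MASTER_CF):
        print(f"{service}: account {user!r} runs {' '.join(argv)} via sudo")
```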

