On Mon, 2010-07-12 at 23:33 +0300, Buzai Andras wrote:
I have one more question. It may sound like a dumb question but I'll ask anyway :). Since in Dovecot v2.0, LMTP is running as "root" isn't this a security risk of the same level as running "deliver" with sudo in Dovecot v1.2?
LMTP runs as root and temporarily drops privileges while delivering mail to user. Depending on your point of view that's either better or worse than sudo deliver.
It's better because there is no user that must be trusted. Only communication to LMTP server goes via LMTP protocol.
It's worse because if there is a security hole in Dovecot's mailbox handling code, a remote user can get root privileges by simply sending a mail to the server. (With deliver it would get access only to the non-root user running deliver, which may be almost as bad.)