19 Oct
2005
19 Oct
'05
5:21 p.m.
"TS" == Timo Sirainen tss@iki.fi writes:
TS> In any case login/master processes wouldn't have to know anything
TS> about GSSAPI there, they'd just forward parameters from
TS> dovecot-auth blindly (I think master already does?).I'm not sure it does. I've tried handing back gssapi_qop, gssapi_max_size and gssapi_context as extra fields but I've not obviously seen those fields available in the imap process.
TS> plus side there is that if there happens to be any exploitable
TS> security holes in GSSAPI library, login process would be running
TS> in chroot and attacker wouldn't get direct access to anyone's
TS> mails.Couldn't this be a downside also? The login process would hold the user credentials but is running as the same user as all the other imap-login/proxy processes - if there were a way to get at the process address space of the other processes one could steal the credentials. I can't decide if this is just a theoretical possibility or a credible risk.