secure setup for imap hibernation - dovecot - dovecot.org

newer
How to check which version of...

secure setup for imap hibernation

older
Re: Password encription

Arkadiusz Miśkiewicz

27 Oct 2017 27 Oct '17

11:20 a.m.

Hi.

What's the approach for securely enabling imap hibernation in case when each user uses different uid and gid?

Looks like none and 0666 on hibernation and imap master sockets is the only way?

Thanks,

Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

Reply

Sign in to reply online Use email software

Show replies by date

Aki Tuomi

27 Oct 27 Oct

12:17 p.m.

On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote:

That's the only way, yes. Hibernation keeps all connections in same process.

Aki

Reply

Sign in to reply online Use email software

Arkadiusz Miśkiewicz

12:32 p.m.

On Friday 27 of October 2017, Aki Tuomi wrote:

Couldn't dovecot do setgroups(2) to add additional common group to imap/hibernation processes and rely on that for access to sockets (sockets would be root:thatgroup 0660) thus making it a bit more secure?

Non mail related uids/gids wouldn't have access to sockets that way.

Aki

-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

Reply

Sign in to reply online Use email software

Aki Tuomi

12:44 p.m.

On 27.10.2017 12:32, Arkadiusz Miśkiewicz wrote:

It could. But at the moment it's not, pull request to do this is always welcome. It would also need some way to choose correct socket.

Aki

Reply

Sign in to reply online Use email software

2736

Age (days ago)

2736

Last active (days ago)

3 comments

2 participants

tags

participants (2)

Aki Tuomi
Arkadiusz Miśkiewicz