[Dovecot] valid_chroot_dirs question

Timo Sirainen tss at iki.fi
Thu Nov 2 18:50:59 UTC 2006


On Mon, 2006-10-23 at 18:32 +0200, Luca Corti wrote:
> # ':' separated list of directories under which chrooting is allowed for mail
> # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
> # This setting doesn't affect login_chroot or auth_chroot variables.
> # WARNING: Never add directories here which local users can modify, that
> # may lead to root exploit. Usually this should be done only if you don't
> # allow shell access for users. See doc/configuration.txt for more information.
> #valid_chroot_dirs = 
> 
> Now if I set
> 
> valid_chroot_dirs = /home
> 
> everything works, but the WARNING pretty much scares me since user foo
> HAS shell access. Is this safe? Is there a way to avoid this? Why can't I
> chroot to /home/foo/./ if I can to /home/foo?

Well, the warning is perhaps a bit too cautious. As long as

1) Dovecot has no security holes
2) You're not giving users the possibility to run all kinds of system
commands via IMAP (can't see a reason to do that..)

there shouldn't be any problems.

Also, if the /home partition is mounted with the nosuid option, it's always
safe.

The problem is that a user can hardlink a setuid binary (e.g. /bin/su)
inside the chroot and create his own lib/libc.so. After that it only
needs to be executed inside the chroot.
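
An added example, not part of the original message and not Dovecot code: a check that reports, for each `valid_chroot_dirs` entry, which mount points serving it lack the `nosuid` option mentioned above. The function names and the sample mount table are assumptions constructed for illustration; on a real Linux host, pass the contents of `/proc/mounts` instead.

```python
import os
import re

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda3 /var/mail ext4 rw,relatime 0 0
/dev/sdb1 /home/shared ext4 rw,relatime 0 0
"""

def parse_mounts(mounts_text):
    """Return {mount_point: set_of_options}; later lines override earlier ones."""
    mounts = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts writes spaces and similar characters as octal, e.g. \040.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts[point] = set(fields[3].split(","))
    return mounts

def is_under(path, ancestor):
    """True if path equals ancestor or lies below it (string comparison only)."""
    return path == ancestor or path.startswith(ancestor.rstrip("/") + "/")

def suid_capable_mounts(directory, mounts):
    """Mount points serving `directory` or anything below it without nosuid."""
    directory = os.path.normpath(directory)  # symlinks are not resolved here
    covering = max((p for p in mounts if is_under(directory, p)), key=len, default=None)
    # valid_chroot_dirs also permits subdirectories, so nested mounts count too.
    nested = [p for p in mounts if p != directory and is_under(p, directory)]
    candidates = ([covering] if covering else []) + nested
    return sorted({p for p in candidates if "nosuid" not in mounts[p]})

def audit_valid_chroot_dirs(setting, mounts_text):
    """Map each ':'-separated valid_chroot_dirs entry to its mounts lacking nosuid."""
    mounts = parse_mounts(mounts_text)
    return {d: suid_capable_mounts(d, mounts) for d in setting.split(":") if d}

if __name__ == "__main__":
    for d, bad in audit_valid_chroot_dirs("/home:/var/mail", SAMPLE_MOUNTS).items():
        print(d, "OK (nosuid)" if not bad else "mounted without nosuid: " + ", ".join(bad))
```

An empty list for an entry means every filesystem reachable under that directory is mounted `nosuid`; a nested mount such as the sample's `/home/shared` is reported even though `/home` itself carries the option.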