[Dovecot] Security Hole in 1.0.13?

Matthias Andree matthias.andree at gmx.de
Sun May 18 12:02:34 EEST 2008


On Sun, 18 May 2008, Lawrence Sheed wrote:

> Anyone want to assist in finding out how they are getting in?

How about setting up rawlog? Details in the Wiki.

> Definitely dovecot related.  If I don't run dovecot, seems secure.  As  
> soon as I run dovecot, after a few minutes - rooted...

Is your dovecot configuration writable by the dovecot user?
It shouldn't be.

What happens if you set the "+i" flag (immutable) with chattr on Linux
(or schg on BSD, JFTR if someone else), to prevent changes to the
dovecot.conf file?

Can you obtain working and statically linked ps, top, netstat copies
from an uncompromised system or a known-good live CD?

-- 
Matthias Andree
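
The writability question above can be checked from ownership and mode bits. The following is an added example, not part of the original post or of Dovecot: it reports whether a given account can write to a config file or to the directory holding it (which would allow replacing the file). The function names and the config path argument are hypothetical; it assumes GNU stat and does not consider ACLs, the sticky bit or immutable flags.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat; ignores
# ACLs, the sticky bit and immutable flags.

# mode_allows_write MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Classic Unix check: owner bits if owner, else group bits if in the
# file's group, else other bits. Returns 0 when write is granted.
mode_allows_write() {
    perm=$((0$1)); f_uid=$2; f_gid=$3; u_uid=$4; u_gids=$5
    [ "$u_uid" -eq 0 ] && return 0          # root bypasses mode bits
    if [ "$u_uid" -eq "$f_uid" ]; then
        [ $((perm & 0200)) -ne 0 ] && return 0
        return 1
    fi
    for g in $u_gids; do
        if [ "$g" -eq "$f_gid" ]; then
            [ $((perm & 0020)) -ne 0 ] && return 0
            return 1
        fi
    done
    [ $((perm & 0002)) -ne 0 ] && return 0
    return 1
}

# user_can_modify USER PATH
# Checks the file and its parent directory. Returns 0 if either is
# writable by USER, 1 if neither is, 2 on lookup errors.
user_can_modify() {
    who=$1; target=$2
    who_uid=$(id -u "$who") || return 2
    who_gids=$(id -G "$who") || return 2
    for p in "$target" "$(dirname "$target")"; do
        st=$(stat -c '%a %u %g' "$p") || return 2
        set -- $st
        if mode_allows_write "$1" "$2" "$3" "$who_uid" "$who_gids"; then
            echo "writable by $who: $p"
            return 0
        fi
    done
    return 1
}

# Usage (path is a placeholder): sh check.sh dovecot /path/to/dovecot.conf
if [ $# -eq 2 ]; then user_can_modify "$1" "$2"; fi
```

A return status of 1 means neither the file nor its directory is writable by that account according to mode bits alone.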

