[Dovecot] Solving CVE-2008-4870

intrigeri intrigeri at boum.org
Thu Nov 13 15:32:00 EET 2008


Michal Hlavinka wrote (13 Nov 2008 11:03:48 GMT) :
> we're trying to solve CVE-2008-4870 = rhbz#436287 = dovecot.conf is world readable -
> possible password exposure.

> This problem seems to be a little more complicated than we thought.

> dovecot.conf can contain the passphrase for the ssl key, which is available to everyone
> since dovecot.conf has world readable permissions.

> (In the CVE's description there is a note that it is RHEL's/Fedora's problem, but it affects all
> systems imo)

> We were thinking about a few ways to fix it:
> 1) 0640 permissions for dovecot.conf - but it can become not readable for dovecot

File-system ACLs are usually my preferred solution for this class of
problems (i.e. set 0640 permissions, and add read access for the
dovecot user via ACLs).

But it may not be applicable from a distribution point of view, since
it's hard to guarantee that the file-system where /etc lives is
mounted with ACLs enabled, or even supports them.

It may be a good long-term idea for distributions to migrate installed
systems to ACL-enabled root file-systems, and to enable them by
default on new installs. Once it's done, this whole class of problems
will find a natural and easily applicable solution.

  intrigeri <intrigeri at boum.org>
  | gnupg key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | Do not be trapped by the need to achieve anything.
  | This way, you achieve everything.
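
The ACL approach from the reply above, as an added example that is not part of the original message or of Dovecot: grant the service account a read ACL entry first, and tighten the mode to 0640 only if that succeeded, so a file system without ACL support leaves the file untouched instead of unreadable for the daemon. The function names are hypothetical, the config path and account are passed as arguments, and the `acl` tools (`setfacl`) are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are
# hypothetical; the config path and service account are arguments.

# True when "other" has the read bit set on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Returns 0 on success, 1 on a bad path or chmod failure, and 2 when ACLs
# cannot be used (tools missing, or file system without ACL support).
harden_conf() {
    conf=$1
    svc_user=$2
    [ -f "$conf" ] || return 1
    command -v setfacl >/dev/null 2>&1 || return 2
    # Grant the ACL entry first. If this fails the mode is left untouched,
    # so the service account never loses read access to its own config.
    setfacl -m "u:${svc_user}:r" "$conf" 2>/dev/null || return 2
    # Once an ACL exists, the group bits of the mode act as the ACL mask:
    # 0640 keeps the named-user entry effective and removes "other" read.
    chmod 0640 "$conf" || return 1
}

# Command-line use: script <config file> <service account>
if [ "$#" -eq 2 ]; then
    rc=0
    harden_conf "$1" "$2" || rc=$?
    case $rc in
        0) echo "$1: mode 0640, ACL read entry added for $2" ;;
        2) echo "$1: ACLs unavailable here, file left unchanged" >&2 ;;
        *) echo "$1: not a regular file, or chmod failed" >&2 ;;
    esac
    if is_world_readable "$1"; then
        echo "$1: still world readable" >&2
    fi
    exit "$rc"
fi
```

Running `getfacl` on the file afterwards shows the named-user entry and the mask that the 0640 mode produced.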
