[Dovecot] Deliver EX_TEMPFAIL's without giving any information
Timo Sirainen
tss at iki.fi
Tue Dec 29 23:25:03 EET 2009
On Tue, 2009-12-29 at 15:04 +0600, Denis Khromov wrote:
> /usr/local/libexec/dovecot/deliver must not be both world-executable
> and setuid-root. This allows root exploits. See
> http://wiki.dovecot.org/LDA#multipleuids
..
> I think this error message should go to log files, not just to
> stdout/stderr.
But that could be too late.. Someone could create a mydovecot.conf that
says log_path = /etc/passwd and run deliver -c mydovecot.conf and mess
up the passwd file by having it log the above message to it, or
something similar to that.
What could be possible is to also log it to syslog, but not everyone is
using syslog and with the default mail facility. Seems like that could
also cause trouble.
> And it's worth to describe this behaviour in the Wiki.
Well, it only affects those people who upgrade from old version and
actually have deliver set up as setuid-root. I don't think there are
that many of those left. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20091229/a9680e50/attachment.bin
More information about the dovecot
mailing list