[Dovecot] Dovecot "deliver" with multiple UIDs (security question)

Timo Sirainen tss at iki.fi
Mon Jul 12 23:37:03 EEST 2010

On Mon, 2010-07-12 at 23:33 +0300, Buzai Andras wrote:

> I have one more question.
> It may sound like a dumb question but I'll ask anyway :).
> Since in Dovecot v2.0, LMTP is running as "root" isn't this a security risk
> of the same level as
> running "deliver" with sudo in Dovecot v1.2?

LMTP runs as root and temporarily drops privileges while delivering mail
to user. Depending on your point of view that's either better or worse
than sudo deliver.

It's better because there is no user that must be trusted. Only
communication to LMTP server goes via LMTP protocol.

It's worse because if there is a security hole in Dovecot's mailbox
handling code, a remote user can get root privileges by simply sending a
mail to the server. (With deliver it would get access only to the
non-root user running deliver, which may be almost as bad.)

More information about the dovecot mailing list