[Dovecot] Why can NOT login as root

Alex other at ahhyes.net
Tue Sep 20 06:49:23 EEST 2011


 On Tue, 20 Sep 2011 02:50:32 +0300, Timo Sirainen wrote:
> On 20.9.2011, at 2.22, Linda Walsh wrote:
>
>> I can log in via SSH, so why not allow it with secure IMAP?  I 
>> suppose
>> really, if someone wants to run as root with no password dovecot 
>> should be
>> **configurable** to allow  this -- as we can't always understand the 
>> needs
>> of end users.
>
> Because there's no good reason to read mails as root. If you can give
> me a good reason I might reconsider, but I highly doubt that's going
> to happen.
>
> Anyway it's mainly about making sure that in the case of some
> internal security hole (or misconfiguration) in Dovecot at least that
> security hole couldn't be leveraged to gain root privileges that 
> would
> allow reading everyone's mails.
>
>> Example.  You have a system on which  root uid=0 means nothing 
>> (assigns no
>> privs -- all assigned via privilege/capability bits).
>>
>> This means dovecot is hardcoded to lock out a user that may have no
>> privileges, but has no prob permitting access to those with full
>> Capability/priv sets.
>
> Rare, and in such cases irrelevant.




More information about the dovecot mailing list