[Dovecot] Why can NOT login as root

Alex other at ahhyes.net
Tue Sep 20 07:03:29 EEST 2011


 On Tue, 20 Sep 2011 13:49:23 +1000, Alex wrote:
> On Tue, 20 Sep 2011 02:50:32 +0300, Timo Sirainen wrote:
>> On 20.9.2011, at 2.22, Linda Walsh wrote:
>>
>>> I can log in via SSH, so why not allow it with secure IMAP?  I 
>>> suppose
>>> really, if someone wants to run as root with no password dovecot 
>>> should be
>>> **configurable** to allow  this -- as we can't always understand 
>>> the needs
>>> of end users.
>>
>> Because there's no good reason to read mails as root. If you can 
>> give
>> me a good reason I might reconsider, but I highly doubt that's going
>> to happen.
>>
>> Anyway it's mainly about making sure that in the case of some
>> internal security hole (or misconfiguration) in Dovecot at least 
>> that
>> security hole couldn't be leveraged to gain root privileges that 
>> would
>> allow reading everyone's mails.
>>
>>> Example.  You have a system on which  root uid=0 means nothing 
>>> (assigns no
>>> privs -- all assigned via privilege/capability bits).
>>>
>>> This means dovecot is hardcoded to lock out a user that may have no
>>> privileges, but has no prob permitting access to those with full
>>> Capability/priv sets.
>>
>> Rare, and in such cases irrelevant.




More information about the dovecot mailing list