[Dovecot] imapc vs auth-userdb security
Lutz Preßler
Lutz.Pressler at SerNet.DE
Wed Sep 14 14:40:00 EEST 2011
Hello,
with imapc settings coming from userdb (individual configuration necessary)
there exists a security problem if access to auth-userdb socket is given
to normal (shell) users:
testuser at host:~$ doveadm user user1
userdb: lpmail
uid : 1000
gid : 1111
home : /home/user1
namespace : gmail
namespace/gmail/list: yes
namespace/gmail/subscriptions: no
namespace/gmail/separator: .
namespace/gmail/prefix: INBOX.gmail.
namespace/gmail/location: imapc:~/Maildir/gmail
imapc_host: imap.gmail.com
imapc_user: someuser at gmail.com
imapc_password: cleartextpassword!
imapc_ssl : imaps
imapc_ssl_ca_dir: /etc/ssl/certs
imapc_port: 993
Lutz
More information about the dovecot
mailing list