On Wed, Dec 11, 2002 at 10:33:03AM +0100, Martin Fahrendorf wrote:
> To bind to a port less than 1024 you need root privileges. All mailports
> are less than 1024. So initially you need root privileges. OK, you can drop
> it once you have bound to port 25 and change to a less privileged user. But
> if you want to store the mail in a user's mailbox you need the privilege to
> write in this mailbox which, at least on my system, only the user can do.
> So either you create a group which also has access to the mailbox files (and
> therefore can delete or read all mailboxes) or you have to change the user
> while delivering the mail. But only root can change user without typing
> the password.

Umm, this program doesn't listen for any incoming mail. It doesn't
require any privileged ports.

> Btw, postfix does not run one single program with root privileges. There is
> only the master daemon. All the rest runs as user postfix and only the
> local delivery agent runs as the user which should receive the mail.

But that wasn't my point. Even getting the permissions of the postfix user can allow someone access to queued mail files. If any of the pieces of postfix which have greater permissions than the user has a buffer overflow that could be triggered by a mail message, the user could carefully craft a message which would allow them to get access beyond what they would ordinarily have. Given that postfix runs in a chroot jail, it would be very difficult to do much, but it is still possible.

In the case of esmtp this is not possible at all. Since no part of esmtp runs with any other privileges than the user it is much more secure than postfix. Even if it has a buffer overflow, the worst you can do is do something as yourself. The only real issues it might have is if there is a bug in the authentication routines that caused it to leak passwords, or causes it not to handle the TLS properly. However, postfix has the same possible vulnerabilities. TLS in both cases is implemented with the openssl library.

So in all I see esmtp as a gain for security...

> Yes, most end users do not need a full-featured mailserver like postfix.
> But you need a secure alternative and I don't know any besides not using
> an MTA.

I don't see what you think is insecure about esmtp? Buffer overflows in it would in general be less of a risk than in postfix. And the remaining issues, I don't think postfix is any less vulnerable to.

-- 
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org

"If you're not making any mistakes, you're flat out not trying hard enough."
- Jim Nichols
