Wrote Odhiambo Washington:
> * Alan Hicks <[EMAIL PROTECTED]> [20030929 13:33]: wrote:
>
[...]
> > You need to set the user permission for the process that will be
> > delivering the mail. In my setup I have dbmail owner set to 'mail'
> > and in my exim.conf have the delivery as follows:
> >
> > local_delivery:
> > driver = pipe
> > command = "/usr/local/sbin/dbmail-smtp -d [EMAIL PROTECTED]"
> > return_fail_output
> > user = mail
> >
> > If you have the dbmail owner set to anything else, just set the
> > user = anything else
>
> ;)
>
>
> > PS Setting the user to nobody would allow the user nobody (such as apache
> > or other low level users) to submit mail.
>
> Does that compromise the security? Just a bit lost. Is that bad?
Since the DBMail config files also includes the SQL username and
password to get to the DBMail system's database, anyone able to view
it can thus access the SQL server, and then proceed to:
* Read, delete, or alter existing messages
* Forge new messages
* See or change user passwords
* Delete user accounts or create new ones (ex: temporary spam-reply
mailboxes)
* Redirect messages from one mailbox to another (ex: the attacker's
so they can continue reading someone else's mail)
* Trash your DBMail tables and cause DBMail to fail completely
(assuming enough access is granted to that SQL username)
All of those possibilities is serious. There may be more I haven't
even touched on yet, too.
To mitigate these risks, it's best to install the DBMail config files
with a unique username, and then set the permissions on the DBMail
config files (at minimum the file containing the SQL user/pass)
to only allow read-access from that username.
ANY access granted to a user used for any other purpose, for example
Apache's "nobody" user, then programs also running under that user
(such as normal PHP scripts!) would be able to read your DBConf file,
and then do the harm I listed above.
I hope this thoroughly explains the security aspects. :)
-Daniel
--
Daniel Brown <[EMAIL PROTECTED]>
