Am 04.07.2018 um 15:34 schrieb Mauro Mozzarelli:
> Perhaps I was not clear. Admins have to have access to dbmail.conf. But
> they cannot be be handed the DB credentials in clear
it's not possible
> Preventing admin access to dbmail.conf should not be necessary and it is
> not acceptable.
what do they do all the time in dbmail.conf - i don't see any value
there which changes more than every few year if at all
-rw------- 1 root root 2.2K 2016-06-09 01:00 /etc/dbmail.conf
> JBoss is open source too, but they appear to be having resolved the
> problem. One could introduce a variable encryption seed at installation
> time which is only valid for that deployment
but you still can decrypt it in that deployment, it's just more work to
do so, if the service can decrypt it it needs to have access to the key
and so have i as root
if you use the same credentials for more than one deployment you are
doing it wrong to begin with
someone could introduce a "/etc/dbmail.conf.d/" folder with config
snippets merged (likely you need to provide a patch at your own becasue
it's something nobody else asked before all the years) but even with
sudoers it will be tricky to allow edit/watch files but not a sepcific
one with the credentials
> On 02/07/18 06:15, Thomas Raschbacher wrote:
>> Hi.
>>
>> If you used a symetric encryption you'd still have the decryption
>> available within the dbmail binaries, and - since it is open source -
>> you'd be able to look at the algorithm and still somehow decrypt the key.
>> Asymetric might be slightly better, but still the same applies in the
>> end if someone has root on your system ...
>> Best would be if you added some other security measures to make
>> dbmail.conf inaccessible to your admins (selinux or something should
>> be able to do that somehow i think )
>>
>> or to make it even easier: just give your dbmail admins non-root
>> access with sudo configured to only run dbmail-users and dbmail-util
>> (or whatever is needed):
>>
>> https://superuser.com/questions/767415/limit-user-to-execute-selective-commands-linux#767419
>>
>> that way your mail-admins cannot access dbmail.conf directly -- and
>> make sure you do not have things like strace or gdb on your servers to
>> be safe..
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://lists.nfg.nl/mailman/listinfo/dbmail
