John Hall wrote:

On 4/15/06, W B Hacker <[EMAIL PROTECTED]> wrote:
>> John Hall wrote:

[non-interactively sudo'ing from exim to root to add iptables rules]

See NOPASSWD in man sudoers.

I think I am beginning to see why some folks say Linux is no
more secure than Windows.....

That depends how you configure it. A machine running the most secure OS in the world (whatever that is) isn't very secure if you set the administrator password to "password". That's not a fault of the OS.

It depends. Obviously if you have

mail   ALL=(root) NOPASSWD: ALL

then that's not a good idea, but if you restrict mail to running just
some wrapper scripts that invoke iptables appropriately, then it is
reasonably secure.

Except that a compromise of "mail" means a root compromise. It's rather a shame to throw away all Exim's careful user-switching (to try to limit the effect of any compromise) just so you can do iptables rules.

Marc, you'd be better off writing whatever you're dealing with (IP addresses, hostnames, whatever) to a file (as the exim user) and then have a cronjob run as root that comes round every couple of minutes, reads from that file (with careful sanity checking/input validation) and creates the appropriate iptables rules. That would be considerably more secure. That way, the worst a "mail" user compromise can do is screw up your iptables rules, not get a root shell.


Tim

--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
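
The root-side half of Tim's suggestion, as an added example that is not code from this thread: a cron job that treats the exim-written file as untrusted input and turns only validated addresses into iptables argument lists. The queue path, the chain name and the limits are hypothetical.

```python
#!/usr/bin/env python3
"""Root cron job: turn a queue file written by the exim user into iptables rules."""
import ipaddress
import os
import stat
import subprocess

QUEUE = "/var/spool/exim/block-queue"  # hypothetical path, writable by the exim user
CHAIN = "MAILBLOCK"                    # hypothetical chain, created once by the admin
MAX_ENTRIES = 200                      # cap on rules added by a single run
MAX_BYTES = 64 * 1024                  # cap on how much of the file is read


def read_queue(path):
    """Read the untrusted file without following symlinks or blocking on a FIFO."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("queue is not a regular file")
        return os.read(fd, MAX_BYTES).decode("ascii", "replace").splitlines()
    finally:
        os.close(fd)


def validate(lines):
    """Keep only single, globally routable IPv4 addresses; drop everything else."""
    good = []
    for line in lines:
        try:
            addr = ipaddress.IPv4Address(line.strip())
        except ValueError:
            continue  # hostnames, CIDR ranges, option-like strings, junk
        # is_global excludes loopback, private and reserved ranges, so the
        # mail user cannot get the local host or the LAN blocked.
        if addr.is_global and str(addr) not in good:
            good.append(str(addr))
    return good[:MAX_ENTRIES]


def build_commands(addrs):
    """Return argv lists, never a shell string: file content cannot become syntax."""
    return [["iptables", "-A", CHAIN, "-s", a, "-j", "DROP"] for a in addrs]


if __name__ == "__main__":
    for argv in build_commands(validate(read_queue(QUEUE))):
        subprocess.run(argv, check=True)
```

A production job would also clear the queue after a successful run so the same rules are not appended again on the next pass.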
