Dmitry Niqiforoff <[EMAIL PROTECTED]> writes on 8 September 1999 at 11:24:45 +0500
> Yesterday I found that any user are able to start any program at
> server with .qmail file. This could be potentially dangerous, AFAIU. As
> an example: I denied TELNET access (disabled the service in inetd.conf),
> but any user can put "|in.telnetd" in their .qmail file (ofcourse, there
> should be not only in.telnetd to work correctly).
> Also, any user are able to get our /etc/passwd file. It is not
> dengerous because there is no passwords, but it is possible to a) find
> out where user homedir is, and b) get total list of the users which can
> be later used for, lets say, spamming.
> Your imagination is the only limit for this.
Insufficient data; if these users have shell accounts, they can
already do all the things you mention and more. qmail-local, which is
the one that reads the .qmail file, runs as the user, so it can only
do the things the user can do. No possible compromise in that case.
If you're talking about a setup where the users don't have shell
access, but do have a UID and a home directory, that's harder, but not
completely impossible. Many of the other responses have addressed
approaches to this case.
You might be better off moving to some sort of single-UID POP system;
pointers on the qmail site I believe (I don't run such a thing myself
so I have rather limited opinions on the topic). This takes away the
foothold that users might employ to gain full access to your server.
--
David Dyer-Bennet ***NOTE ADDRESS CHANGES*** [EMAIL PROTECTED]
http://dd-b.lighthunters.net/ (photos) Minicon: http://www.mnstf.org/minicon
http://www.dd-b.net/dd-b (sf) http://ouroboros.demesne.com/ Ouroboros Bookworms
Join the 20th century before it's too late!
