Just to be devil's advocate - what are the real threats behind the bin
running SUID root?
I mean - what's in the code that can be broken? Are the functions solid
enough to only make limited calls?
bill
Sam Varshavchik writes:
> Roland Schneider writes:
>
>> --On Friday, 25 May 2001 22:14 +0800 Jericho Hell <[EMAIL PROTECTED]> wrote:
>>
>>> Hey
>>> I am unsure if this has been posted... but could anyone tell me what is
>>> necessary to be done to run sqwebmail 2 in a chrooted environment.
>> If your sqwebmail is setuid root (the default) you could
>> insert a chroot() right before it drops the privileges
>> and then fix a few paths in the source.
>
> That's not going to work. At some point you probably will want to send a
> message, or two, and unless sendmail/qmail-inject is in your chroot jail,
> somewhere, this is going to be a rather pointless exercise.
>
>> On FreeBSD simply build a jail for the mail-system, then
>> log into the jail and compile the courier-package (and a
>> webserver, the small thttpd should be fine...) from there.
>
> You know, by the time you're done, you'll probably end up with >90% of the
> standard OS in the chroot jail, and you would've reached a point of
> diminishing returns a long time ago.
>
> The best solution, IMO, is to simply set up a dedicated mail box that is
> not trusted, in any way, by any other machine in your network. Plug that
> machine into another box, which is dual-homed, and set up a tight firewall
> on the gateway box that allows a severely limited set of IP traffic to
> pass through to the mail box: HTTP in, from an unprivileged port, and SMTP
> out. That's it. Perhaps SSH in as well, if you want to administer the
> mail box remotely.
>
> This is going to be far easier, and faster, to set up, with standard tools,
> is going to be a much more stable environment, and much easier to work
> with.
>
>
> --
> Sam
--
I'm Bill - what are you?
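
Added example, not part of the thread: the gateway policy Sam describes in the quoted text, written as an nftables forward chain for the dual-homed box. The choice of nftables, the interface names `ext0` and `dmz0`, and both addresses (documentation ranges) are assumptions, since the post names no tool or addressing.

```nftables
# Runs on the dual-homed gateway, not on the mail box itself.
# Assumed names: ext0 = rest of the network, dmz0 = link to the mail box.
define MAILBOX = 192.0.2.25      # constructed address of the untrusted mail box
define ADMIN   = 198.51.100.7    # constructed address of the admin workstation

table inet mailgw {
    chain forward {
        # Default deny: anything not listed below never reaches or leaves the mail box.
        type filter hook forward priority 0; policy drop;

        # Replies belonging to flows that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # "HTTP in, from an unprivileged port": webmail clients to port 80.
        iifname "ext0" oifname "dmz0" ip daddr $MAILBOX \
            tcp sport 1024-65535 tcp dport 80 ct state new accept

        # "SMTP out": the mail box may open connections to port 25 only.
        iifname "dmz0" oifname "ext0" ip saddr $MAILBOX \
            tcp dport 25 ct state new accept

        # "Perhaps SSH in as well": optional, limited here to one admin host.
        iifname "ext0" oifname "dmz0" ip saddr $ADMIN ip daddr $MAILBOX \
            tcp dport 22 ct state new accept

        # Everything else, including any other connection the mail box
        # tries to open toward the network, is logged and dropped.
        log prefix "mailgw-drop " counter drop
    }

    chain input {
        # The gateway itself accepts nothing from the mail box side.
        type filter hook input priority 0; policy accept;
        iifname "dmz0" ct state established,related accept
        iifname "dmz0" drop
    }
}
```

Because the mail box cannot initiate anything except SMTP, a compromised sqwebmail process on it has no path to other internal hosts, which is the property the chroot approach was trying to approximate.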