On 2006-07-28, at 1721, Matt Kane wrote:


why are you replying via private email? this conversation started on the vchkpw list, it should stay there. there's nothing in your message which would justify it leaving the list.

I havn't tried this but would it not be possible to simply change where the user home directory is pointed in the vpopmail database? I believe there may be some permission issues but it seems like it could potentially work.

"may be some permission issues" is a major understatement.

the vpopmail domain directory and all of its contents are owned by the numeric uid/gid specified in the domain's users/assign entry, which is usually userid "vpopmail" and group "vchkpw". the qmail- local process which handles the delivery process will be running as this uid/gid. this means that the user would have to make their Maildir writable to the vpopmail userid in order for deliveries to be possible.

this also means that they could set up a .qmail file which runs an arbitrary command as the vpopmail user, and therefore makes it possible for them to do anything with any mailbox on the system. if i were one of these system users, it would be trivial for me to read anybody's mailbox, or add or delete mailboxes, or reset other peoples' passwords, or if the system admin were stupid enough to use plain-text passwords, i could get a list of the passwords for every mailbox on the system.

ten years' of building and running ISP's and mail servers has taught me that there is no such thing as being too careful. i won't say i'm the best in the world at finding security holes, but if i can find something like this, it's a good bet that the black-hat hackers, script kiddies, and other kinds of ankle-biters out there will already have found out about it.

the safe and simple way to do it is like i said, forward it to a "local" address so that the normal qmail mechanisms do the delivery, AS the user's uid/gid. no special permissions are needed, and any scripts that they might add to a .qmail file would run as their own uid/gid, giving them no more access to the system than they would otherwise have.

Another trick would be to make a symbolic link in the users folder to link to the system .qmail file.

what do you mean by "the users folder"? and what do you mean by "the system .qmail file"?

| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to