Re: root and mail
Frederik Lindberg wrote:
>
> On Sat, 04 Jan 1997 21:55:24 +0000, Gordan wrote:
>
> >Besides, how can an EMail message execute itself (or a part of itself)?
> >You'd have to download it, extract the program (or a script) and then
> >run it manually for it to do harm, wouldn't you?
>
> Someone would have to modify your ~user/.qmail file or something it executes.
> Thus, 'forward' or 'preline' or anything else you might have in your .qmail
> file becomes a security issue, since they all would be executed by root. Qmail
> tries to check this by requiring that your home dir is not writable by anyone
> other than yourself (on my redhat system I allow the homedir to be group
> writable as the only member of the users group is the user, but that means that
> messing with the /etc/group file is another potential way in), and I think some
> checks are done on the .qmail files as well (don't have the docs handy).
>
> Thus, by allowing root to receive mail you go from qmail which isolates root
> code into a small necessary core to root-executing a potentially large number
> of programs. Any screwup with any of these puts your system at risk. Of course,
> reading your mail as root also executes your mail reader as root. It may invoke
> some optional .rc files etc. Again, you're drastically increasing the number of
> targets for compromise. Just the thing qmail tries to absolutely minimize.
Thanks for clearing that up.
Mind you, qmail is the only mail program that prevents this that I know
of. How many people have had their systems damaged by mail so far?
Gordan
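
An added example, not part of the original messages and not qmail's own code: a Python audit of the conditions Frederik describes, flagging a home directory or `.qmail*` file that someone other than the owner can write, and treating group write as safe only when the group has no other members. The function names, the `alice`/`bob` accounts and the sample directory are constructed; the caller is assumed to supply the owner and group membership (for instance from /etc/passwd and /etc/group).

```python
import os, stat, tempfile

def writable_by_others(mode, group_members, owner):
    """Return why this mode lets someone other than the owner write, or None."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    # Group write is only harmless when the group holds nobody but the owner
    # (the private-group setup described in the message).
    if mode & stat.S_IWGRP and set(group_members) - {owner}:
        return "group-writable and group has other members"
    return None

def audit_home(home, owner, owner_uid, group_members=()):
    """List findings for a home directory and the .qmail* files inside it."""
    findings = []
    names = [n for n in os.listdir(home)
             if n == ".qmail" or n.startswith(".qmail-")]
    for path in [home] + sorted(os.path.join(home, n) for n in names):
        st = os.lstat(path)  # lstat: do not follow a planted symlink
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{path}: symlink, target not checked")
            continue
        if st.st_uid != owner_uid:
            findings.append(f"{path}: not owned by {owner}")
        reason = writable_by_others(st.st_mode, group_members, owner)
        if reason:
            findings.append(f"{path}: {reason}")
    return findings

def demo():
    """Audit a constructed home directory under two group memberships."""
    with tempfile.TemporaryDirectory() as home:
        uid = os.getuid()
        for name, mode in ((".qmail", 0o600), (".qmail-list", 0o666)):
            path = os.path.join(home, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(home, 0o775)  # group-writable home, as in the message
        private = audit_home(home, "alice", uid, ["alice"])
        shared = audit_home(home, "alice", uid, ["alice", "bob"])
        return ([f.replace(home, "~") for f in private],
                [f.replace(home, "~") for f in shared])

if __name__ == "__main__":
    for label, result in zip(("private group", "shared group"), demo()):
        print(label, result)
```
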