From: Jose M Rodriguez
To: Yarema
Cc: ports@freebsd.org, Oliver Lehmann
Date: Sun, 24 Jul 2005 22:06:01 +0200
Subject: Re: security/courier-authlib and courier user

On Sunday, 24 July 2005 20:43, Yarema wrote:
> --On Sunday, July 24, 2005 16:44:14 +0200 Jose M Rodriguez
> wrote:
> > On Sunday, 24 July 2005 15:29, Oliver Lehmann wrote:
> >> Jose M Rodriguez wrote:
> >> > Hi,
> >> >
> >> > After using courier-authlib with maildrop (from sendmail) and
> >> > courier-imap, I can't see any reason to have a courier user.
> >> >
> >> > This seems more a need of the courier mailer, and maybe of the
> >> > tarball build/install system (I doubt it).
> >> >
> >> > So, I'm thinking about the convenience of not doing any courier
> >> > user work and doing an rcNG script for the courier mailer that
> >> > fires up all the components (and not using the courier-authlib
> >> > rcNG script for courier mailer). I think the courier user only
> >> > matters to the courier mailer.
> >>
> >> "For the Courier mail server, /var/run/courier/authdaemon should
> >> be owned by the userid that Courier is installed under, and it
> >> must be readable and writable by the Courier user and group (but
> >> no world permissions)."
> >>
> >> How can I do this if I don't create the courier user with
> >> courier-authlib?
> >
> > First, this needs testing, but I think that the real problem is
> > using /usr/local/etc/rc.d/courier-authdaemond.sh with courier
> > mailer.
> >
> > I think courier mailer users must keep
> > courier_authdaemond_enable set to NO and embed the
> > /usr/local/etc/rc.d/courier-authdaemond.sh functionality in its own
> > rc script.
> >
> > This makes more sense with the closed concept of the courier mailer.
> >
> > Also thinking of supporting ${courier_authdaemond_user:=root}
> > in /usr/local/etc/rc.d/courier-authdaemond.sh
> >
> > --
> > josemi
>
> First let me quote the relevant portion of
> http://www.Courier-MTA.org/authlib/INSTALL.html then I'll add my
> thoughts on this.
>
> In the all-inclusive courier MTA having the courier-authlib config
> files owned by UID/GID "courier" allows the webadmin CGI to be used
> to administer all things courier including courier-authlib. But more
> importantly having user "courier" improves security by sandboxing
> the daemons into running under a UID/GID not used by anything else.
> Yes, according to the docs above we could use user "daemon" or any
> number of other pre-existing UIDs. But that goes against the thinking
> of current security practice that having daemons with any security
> implications run under a sandbox UID/GID is a Good Thing. I mean,
> the OpenBSD folks go to great lengths to include privilege separation
> into everything they run just in case there might be a vulnerability
> which could wreak havoc if the daemon was running with root
> privileges. Also look at how the functionally closest package to
> courier-authlib does things: cyrus-sasl installs and uses UID/GID
> cyrus. And again the main reason is sandboxing or privilege
> separation if you will.

Having the config (${PREFIX}/etc) owned by courier seems a good point
for maintaining things as they are used now.

--
josemi
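
The ownership and mode rule quoted in the thread for /var/run/courier/authdaemon can be audited with a short shell function. This is an added example, not part of the original message or of the port; the function name check_authdaemon_dir and the throwaway demonstration directory are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the port): audit the authdaemon socket directory
# against the quoted rule: owned by the given user and group, readable and
# writable by both, no world permissions.
# Usage: check_authdaemon_dir DIR USER GROUP
# Prints one line per violation; returns the number of violations.
check_authdaemon_dir() {
    dir=$1 want_user=$2 want_group=$3
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: not a real directory"
        return 1
    fi
    # ls -ld fields: 1 = mode string, 3 = owner, 4 = group.
    set -- $(ls -ld -- "$dir" | awk '{print $1, $3, $4}')
    mode=$1 owner=$2 group=$3
    bad=0
    if [ "$owner" != "$want_user" ]; then
        echo "$dir: owner is $owner, expected $want_user"
        bad=$((bad + 1))
    fi
    if [ "$group" != "$want_group" ]; then
        echo "$dir: group is $group, expected $want_group"
        bad=$((bad + 1))
    fi
    case $mode in
        drw?rw?*) ;;
        *) echo "$dir: owner and group both need read and write ($mode)"
           bad=$((bad + 1)) ;;
    esac
    case $mode in
        d??????---*) ;;
        *) echo "$dir: world permissions present ($mode)"
           bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed demonstration on a throwaway directory (hypothetical path).
demo=$(mktemp -d "${TMPDIR:-/tmp}/authdaemon.XXXXXX")
chmod 775 "$demo"                     # deliberately too open
check_authdaemon_dir "$demo" "$(id -un)" "$(id -gn)" || true
chmod 770 "$demo"                     # matches the quoted rule
check_authdaemon_dir "$demo" "$(id -un)" "$(id -gn)" || true
rm -rf "$demo"
```

On a real system the call would be check_authdaemon_dir /var/run/courier/authdaemon with whichever user and group the daemon is configured to run under.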