You don't need to jail postfix for your situation. Build Mutt with smtp support, and set smtp_server to localhost. Your SMTP processes will run in the global context, and mutt will only need a socket to that.
* On 11 May 2014, Shawn Zaidermann wrote:
> I understand. There is definitely always that possibility that users will
> get a shell. However, can SELinux help in this case? Perhaps I can confine
> the users with basic access, one that does not allow a user to run any
> execution from their home or /tmp. We have a debian deployment but can
> migrate our users to CentOS without a problem. I realized running a chroot
> does not help much since the system only runs postfix and mutt. If I jail
> mutt, then I have to jail postfix and if I do that, I defeat the purpose of
> the jail entirely.
>
> On 05/10/2014 05:01 PM, Derek Martin wrote:
> >On Fri, May 09, 2014 at 03:14:03PM -0700, Shawn Zaidermann wrote:
> >>Is there a way to completely disable the shell-escape feature?
> >In short, no. If you're trying to prevent mutt users from gaining any
> >access to the shell, you also have to concern yourself with things
> >like:
> >
> >  my_var=`run arbitrary shell command here`
> >
> >in the user's .muttrc. The bottom line is Mutt was not designed for
> >restricted access... but then neither was any other e-mail client
> >AFAIK.
> >
> >But also, as the author of rssh, I can tell you that this turns out to
> >be an extremely hard problem (though exactly how hard is somewhat OS
> >dependent), and is probably not worth your time. The best you can
> >hope for is to restrict unsophisticated users; if you have savvy users
> >on your system and they REALLY want to get shell access, they probably
> >will.
> >
> >You have to trust your users, and if you can't you've basically
> >already lost the battle. If you do, then there's no point in
> >confining them to your idea of what's safe.
>

-- 
David Champion • d...@bikeshed.us
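
The backtick substitution and shell-escape constructs discussed in this thread can be audited for in users' configuration files. The following is an added example, not part of the thread and not Mutt's own code: a Python sketch that flags both in a muttrc. The function names, the sample file and the simplified quoting rules (single quotes suppress backtick expansion, an unquoted `#` starts a comment) are assumptions of this example.

```python
import re

# Constructed sample .muttrc (not taken from any real user).
SAMPLE = '''\
# constructed sample .muttrc
set realname = "Example User"
set my_var=`id -un`
set signature = 'literal `not run` text'
set from = "`whoami`@example.org"   # double quotes still expand
macro index S "<shell-escape>ls<enter>"
# set my_old=`date`
'''

SHELL_ESCAPE = re.compile(r"shell-escape", re.IGNORECASE)

def find_backtick_commands(line):
    """Return the backtick commands Mutt would run when reading this line."""
    found, quote, i = [], None, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quote != "'":      # backslash escapes the next char
            i += 2
            continue
        if ch == "`" and quote != "'":       # expanded bare or in double quotes
            end = line.find("`", i + 1)
            if end == -1:                    # unterminated: nothing to report
                break
            found.append(line[i + 1:end])
            i = end + 1
            continue
        if ch in "'\"":
            quote = ch if quote is None else (None if quote == ch else quote)
        elif ch == "#" and quote is None:    # rest of the line is a comment
            break
        i += 1
    return found

def audit_muttrc(text):
    """Return (line number, kind, detail) for each risky construct."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):    # whole-line comment
            continue
        findings += [(lineno, "backtick", c) for c in find_backtick_commands(line)]
        if SHELL_ESCAPE.search(line):
            findings.append((lineno, "shell-escape", line.strip()))
    return findings

if __name__ == "__main__":
    for finding in audit_muttrc(SAMPLE):
        print(finding)
```

An empty result only means these two constructs are absent from the file that was scanned.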