On 17.12.2024 18:14, Wietse Venema via Postfix-users wrote:
> Did you verify the non-daemon programs, specifically that all
> features work as promised in sendmail, postdrop, postqueue, postsuper,
> postmap, postalias, and postcat? Be sure to also test as a non-root
> and non-postfix user.
>
> Did you test the privilege-changing features of local(8), pipe(8)
> and spawn(8)?

Yes, it all works fine.  All dirs need extra ACL to allow root access
(initially I found only public/ but actually all postfix-owned dirs
need the same ACL, since all other daemons try to open things as
root while cap_dac_override is missing).

Well. It really depends on the context. We don't know which other
software people run from their .forward etc files.  Just dropping
ability to run setuid programs will break a lot of things, I guess.

I definitely don't plan to implement such more advanced controls
at this time.  We had enough with chroot already (and enough myths
too).

Though to me, I've no idea how postmap or postdrop or other mentioned
software could NOT work.  It's just the postfix master process and
all the daemons started by it are running with restricted privs,
not everything outside of this context.

Thanks,

/mjt