On 2024-12-19 22:00, Wietse Venema via Postfix-users wrote:
> This is not the privilege escalation or loss that I had in mind. If you
> don't want some user to have .forward files, edit main.cf:forward_path
> and use pathnames that depend on $user instead of $home.

I'm not saying it is. Just that this makes it possible for a user to start a reverse shell and spawn some user namespace, or create a proxy/relay of any kind and hide his network activity behind an innocent server IF the system admin is unaware of sendmail-like .forwards. Or dig crypto (1000s of multithreaded jobs per one email is pretty appealing). Nobody needs to attack the system itself to take advantage.

This kind of abuse can be easily prevented globally and this is the "secured by default" I have in mind (in the first case RestrictNamespaces= reducing attack surface).

I personally run rootless virtual-only and have empty forward_path and allow_mail_to_commands just in case some local accounts appear to be open some day (yes, I don't trust myself as well, especially if I would remember such gory details in some unspecified future).
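
An added example, not part of the original post: a defender-side audit sketch for the two settings named above (forward_path and allow_mail_to_commands), plus a check for command destinations in .forward content. The postconf output and .forward text are constructed samples, the function names are hypothetical, and the tokenizer is a simplification of Postfix's own parsing.

```python
import re

# Constructed samples in the "name = value" form printed by
# `postconf forward_path allow_mail_to_commands` (both keys assumed present).
SAMPLE_POSTCONF = """\
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
allow_mail_to_commands = alias, forward
"""
HARDENED_POSTCONF = """\
forward_path =
allow_mail_to_commands =
"""
# Constructed .forward content: one address, one quoted and one bare command.
SAMPLE_FORWARD = ('alice@example.com, "|/usr/local/bin/filter --spool"\n'
                  '|/home/bob/job.sh\n')


def parse_postconf(text):
    """Turn 'name = value' lines into a dict; an empty value stays ''."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf


def forward_commands_enabled(conf):
    """True when a local user's .forward can trigger "|command" delivery:
    forward_path is non-empty AND 'forward' is in allow_mail_to_commands."""
    classes = [c for c in
               re.split(r"[,\s]+", conf.get("allow_mail_to_commands", "")) if c]
    return bool(conf.get("forward_path", "")) and "forward" in classes


def command_destinations(forward_text):
    """List the "|command" destinations in .forward content.
    Destinations are split on commas/newlines outside double quotes."""
    tokens = re.findall(r'\s*("(?:[^"\\]|\\.)*"|[^,\n]+)', forward_text)
    commands = []
    for tok in tokens:
        tok = tok.strip()
        if len(tok) >= 2 and tok.startswith('"') and tok.endswith('"'):
            tok = tok[1:-1]          # drop the surrounding quotes
        if tok.startswith("|"):
            commands.append(tok[1:].strip())
    return commands


if __name__ == "__main__":
    for label, text in (("default", SAMPLE_POSTCONF), ("hardened", HARDENED_POSTCONF)):
        print(label, forward_commands_enabled(parse_postconf(text)))
    print(command_destinations(SAMPLE_FORWARD))
```

On a live host the same functions can be fed the real `postconf` output and the contents of each file matched by forward_path.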