2009/4/2 John Simpson <j...@jms1.net>

> i hope these aren't the settings you're actually using on a real server
> anywhere.

Yes they are on a live server serving > 3 million users. But these programs have extra authentication/checks before they actually do the setuid(). In fact that is the first thing done after main(). These programs exit if they are not running under the appropriate environment, and they are not the original vpopmail programs. Some of these (vadddomain, vdeldomain) require root to update the qmail assign file. The root password for the servers running these programs is not with the administrators. I have given a wrong example. The 4555 should be read as 555 instead.

> if so, ANY user on the system, including the apache anonymous user, can
> wipe out every mailbox on the system, with one command.

Agree and hence the first thing after main(), these programs ask for extra userid/password (which is given to the mail administrators who do not have the root passwords of the host).

> you DO NOT want these to be setuid root. in fact, you don't want ANY of the
> binaries to be setuid root, except possibly for vpopmaild, and that only if
> you want to allow it to create and remove domains- otherwise it can run as
> the vpopmail user with no ill effects.

I have not explored that. An example could be making qmail-newu setuid root and making the assign file writeable by vpopmail. But getting the root password or doing ssh root is out of the question in my production environment.
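
An added example, not part of the thread: a small audit that tells the two modes discussed above (4555 and 555) apart by listing every setuid file in a directory and whether any local user may execute it. The function names, the 4550 case and the file `example-tool` are assumptions made for illustration; only mode bits are checked, not ownership.

```shell
#!/bin/sh
# Added example: list setuid files in a directory and say who may run them.

# audit_setuid DIR
#   ANY-USER   <path>  setuid and executable by "other" (4555, 4755, ...)
#   RESTRICTED <path>  setuid but not executable by "other" (4550, 4500, ...)
# Files without the setuid bit (such as mode 555) are not listed.
audit_setuid() {
    # -perm -4000 matches the setuid bit; -perm -0001 matches execute-for-other.
    find "$1" -type f -perm -4000 -perm -0001 | sed 's/^/ANY-USER /'
    find "$1" -type f -perm -4000 ! -perm -0001 | sed 's/^/RESTRICTED /'
}

# make_demo_dir: build a constructed sample directory and print its path.
# vadddomain and vdeldomain are names from the thread; example-tool is
# hypothetical. All three files are empty placeholders.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    touch "$d/vadddomain" "$d/vdeldomain" "$d/example-tool"
    chmod 4555 "$d/vadddomain"    # the mode quoted in the thread
    chmod 4550 "$d/vdeldomain"    # setuid, but owner and group only
    chmod 555  "$d/example-tool"  # the corrected mode: no setuid bit
    printf '%s\n' "$d"
}

# Audit the directory named on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```

On a real host, adding `-user root` to both `find` calls narrows the report to setuid-root files, which are the ones the thread is concerned with.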