2 Nov 2006, 8:50 p.m.
On Mon, 2006-10-23 at 18:32 +0200, Luca Corti wrote:
':' separated list of directories under which chrooting is allowed for
processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
This setting doesn't affect login_chroot or auth_chroot variables.
WARNING: Never add directories here which local users can modify, that
may lead to root exploit. Usually this should be done only if you don't
allow shell access for users. See doc/configuration.txt for more
information.
#valid_chroot_dirs =
Now if I set
valid_chroot_dirs = /home
everything works, but the WARNING pretty much scares me since user foo HAS shell access. Is this safe? Is there a way to avoid this? Why can't I chroot to /home/foo/./ if I can to /home/foo?
Well, the warning is perhaps a bit too cautious. As long as
- Dovecot has no security holes
- You're not giving users the possibility to run all kinds of system commands via IMAP (can't see a reason to do that..)
there shouldn't be any problems.
Also if the /home partition is mounted with nosuid option it's always safe.
The problem is that a user can hardlink a setuid binary (eg. /bin/su) inside the chroot and create his own lib/libc.so. After that it only needs to be executed inside the chroot.
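
An added example, not part of the original thread: a check an administrator could run to confirm the nosuid condition mentioned in the reply for every directory listed in valid_chroot_dirs, including filesystems mounted beneath it, since chrooting to subdirectories is allowed too. The function names and the sample mount table are constructed for illustration; on a real host the mount text would come from /proc/mounts.

```python
import os
import re

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdb1 /home/shared\\040data ext4 rw,relatime 0 0
/dev/sda3 /var/mail ext4 rw,relatime 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set_of_options} from /proc/mounts-style text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # The kernel writes spaces in mount paths as octal escapes (\040).
            point = re.sub(r"\\([0-7]{3})",
                           lambda m: chr(int(m.group(1), 8)), fields[1])
            mounts[point] = set(fields[3].split(","))
    return mounts

def is_under(path, parent):
    """True if path equals parent or lies beneath it."""
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def mounts_without_nosuid(valid_chroot_dirs, mounts_text):
    """For each ':'-separated directory, list relevant mounts lacking nosuid."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for d in filter(None, valid_chroot_dirs.split(":")):
        d = os.path.normpath(d)
        covering = [mp for mp in mounts if is_under(d, mp)]
        if not covering:
            raise ValueError("no mount entry covers %s" % d)
        # Filesystem holding d itself (longest matching mount point) ...
        relevant = {max(covering, key=len)}
        # ... plus filesystems mounted below d, where chrooting is also allowed.
        relevant |= {mp for mp in mounts if is_under(mp, d)}
        report[d] = sorted(mp for mp in relevant if "nosuid" not in mounts[mp])
    return report

if __name__ == "__main__":
    result = mounts_without_nosuid("/home:/var/mail", SAMPLE_MOUNTS)
    for d, bad in result.items():
        print(d, "nosuid on all mounts" if not bad else "missing nosuid: %s" % bad)
```

An empty list for a directory means every filesystem reachable under it carries nosuid; any listed mount point is one where the option is absent.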