Hello!

Could somebody give some feedback on this configuration:

- OpenBSD box with local ssh users.
- /home directory mounted with nosuid,noexec.
- postfix dropping mail in /home/username/mail/INBOX, with the UID/GID of the user.
- dovecot:
  valid_chroot_dirs = /home
  default_mail_env = mbox:/home/%u/mail/:INBOX=/home/%u/mail/INBOX

Are there any obvious ways for a local user to help dovecot escape the chroot jail?

How can I check that dovecot is REALLY using /home as chroot jail for the imap process?

Thanks!

Bert Koelewijn

On Sun, 2003-08-24 at 15:49, Bert Koelewijn wrote:
> valid_chroot_dirs = /home
> default_mail_env = mbox:/home/%u/mail/:INBOX=/home/%u/mail/INBOX
>
> Are there any obvious ways for a local user to help dovecot escape the
> chroot jail?

Not really. They can of course create hardlinks elsewhere in /home.

> How can I check that dovecot is REALLY using /home as chroot jail for
> the imap process?

It's not chrooting anywhere yet with those settings. Hmm. I think I'd need to add "mail_chroot" setting which would specify the default chroot. For now you'd have to change user's home directories to contain /./ to specify chroot. Like "/home/./user".
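
An added example, not part of either message and not Dovecot's own code: a small audit of passwd entries against the "/./" convention described in the reply, reporting which users would get a chroot and whether it falls under valid_chroot_dirs. It assumes 7-field passwd(5) lines and that valid_chroot_dirs is a ':'-separated list of allowed parent directories; the function names, status labels and sample entries are constructed for illustration.

```python
import posixpath

# Constructed sample in passwd(5) format; not taken from the thread.
SAMPLE_PASSWD = """\
bert:*:1000:1000:Bert:/home/bert:/bin/ksh
alice:*:1001:1001:Alice:/home/./alice:/bin/ksh
carol:*:1002:1002:Carol:/srv/./carol:/bin/ksh
"""

def split_chroot_home(home):
    """Split a home field on the '/./' marker.
    Returns (chroot_dir, home_inside_chroot), or (None, home) if no marker."""
    marker = "/./"
    idx = home.find(marker)
    if idx == -1:
        return None, home
    chroot = home[:idx] or "/"
    inside = "/" + home[idx + len(marker):].lstrip("/")
    return chroot, inside

def chroot_allowed(chroot, valid_chroot_dirs):
    """True if chroot equals or lies under one of the listed directories.
    Paths are normalised first so '..' components cannot step outside."""
    chroot = posixpath.normpath(chroot)
    for allowed in filter(None, valid_chroot_dirs.split(":")):
        allowed = posixpath.normpath(allowed)
        if chroot == allowed or chroot.startswith(allowed.rstrip("/") + "/"):
            return True
    return False

def audit_passwd(passwd_text, valid_chroot_dirs):
    """Map user -> (status, chroot_dir, home), where status is
    'no-chroot', 'chroot' or 'rejected' (labels chosen for this example)."""
    results = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        user, home = fields[0], fields[5]
        chroot, inside = split_chroot_home(home)
        if chroot is None:
            results[user] = ("no-chroot", None, home)
        elif chroot_allowed(chroot, valid_chroot_dirs):
            results[user] = ("chroot", chroot, inside)
        else:
            results[user] = ("rejected", chroot, inside)
    return results

if __name__ == "__main__":
    for user, info in audit_passwd(SAMPLE_PASSWD, "/home").items():
        print(user, *info)
```

With the configuration from the question, every user whose home is a plain "/home/username" lands in the "no-chroot" group, which matches the reply's point that nothing is chrooted until the home field carries the "/./" marker.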