This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ITP] postfix 2.11.3


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On November 17, 2014 7:00:10 PM CET, Christian Franke <Christian.Franke@t-online.de> wrote:
>Corinna Vinschen wrote:
>> On Nov 17 15:50, Christian Franke wrote:
>>> Corinna Vinschen wrote:
>>>> On Nov 17 14:00, Christian Franke wrote:
>>>>>>      Also, is
>>>>>>      passwd -R really required?  This is typically no necessary,
>unless you
>>>>>>      potentially have to do stuff with native Windows tools
>(cron, sshd
>>>>>>      session).  Postfix doesn't seem to be a candidate for that.
>>>>> For example the postsuper admin tool always drops root permissions
>by
>>>>> setuid/gid() to $mail_owner ('postfix') before doing anything
>interesting.
>>>>> (postfix never uses chown(), BTW).
>>>>>
>>>>> Could this really be done without passwd -R or cyglsa ?
>>>> Usually, yes.  As a Cygwin tool without accessing native Windows
>>>> functionality, it should not have a problem using
>>>> https://cygwin.com/preliminary-ug/ntsec.html#ntsec-nopasswd1,
>unless
>>>> it has to access network drives.
>>> Does not work for me when running e.g. /usr/sbin/postsuper from any
>>> admin user. The local admin group normally does not provide
>>> SeCreateTokenPrivilege, at least on Win 7.
>> postsuper switches the user account?  Where to?  From the command
>line
>> that's obviously a problem.
>
>See above (It always switches to $mail_owner and does never use
>chown()).
>
> From postsuper.c:
>
>* All file/directory updates must be done as the mail system owner.
>This
>    * is because Postfix daemons manipulate the queue with those same
> * privileges, so directories must be created with the right ownership.
>
>
>>    In theory postsuper should just use the
>> account it's running under on Cygwin.
>
>In (upstream) theory & practice, it should run with least privileges,
>which is good :-)

Well, passwd -R is still some mild variation of security by obscurity, and it might not be allowed in some environments.  But then again, what company would actually use postfix on Cygwin as their MTA?  Never mind,then.


Corinna


- --
Corinna Vinschen                   Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQJEBAEBCgAuBQJUazl1JxxDb3Jpbm5hIFZpbnNjaGVuIDxjb3Jpbm5hQHZpbnNj
aGVuLmRlPgAKCRD1NgadrkRPoD2XD/9K9Dw6IFDCMKljb+NRKpcKpVTJtl0Tx/yo
qHNEVG2NsgaJGIv5DLigus0hHcPLCgC/iyJ773z61LX0tP88gzLvpOoTNsaWcYPI
MUvCXhU8KOGb9f1MfztdLCZZyK/Hf1UrRkwDxVBFyUBiJPmFrKcTjHD5LEZkSdxl
YLYIe+GCIx9K3bdo1L6VEpH+uy+kneExq+PRzpxF0WmgScjJJ16rHfffWyfFnFz4
NO+Bsa68oB83v8QlXHym4x7pfVzXA4MMxrSbVYYTyTbhZMMgTraTRXgHMZUVKxPD
aCAzgeqMrnC9Bivp440hkLBAo17USmqGvh0eRzSJH4Iv9aNB3bEGBBn82UODeb3N
OIzi+rr/U2ea0oJ+dh1jvVzo1DgVnlQUDN2Ro0I0DcaSQldYRNYNm0rST/PH+GDv
CXeawekosd/5hZsMzLbf5FKtArNAEQpA0KxR+0HY0/eIMJGVhFJySQDfDXT9qvTE
7/uN8Pv7atKMEjEtIuNOO4wFN3WEP9UnvVwmP7VXxzgSH5C0oe0pXLdowNenaPhR
xjcKhGt8gdFWy2e/HFh5iNXLGWMZl+9DMYi2z/HHBMinFUuZttObnyaTXRyiZVcq
GONQBuRreRgUsGiT44//C14Fhe6ulyOZ9Fq3r0TCiT9HiJNLXwLSvPB9HlrK0E16
Jr3ndtey3g==
=wxD6
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]