Bug 285108 - net-mail/dovecot-1.2.4 problem with deliver binary permissions
Summary: net-mail/dovecot-1.2.4 problem with deliver binary permissions
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High critical
Assignee: Wolfram Schlich (RETIRED)
 
Reported: 2009-09-15 16:32 UTC by kiorky
Modified: 2009-09-18 14:37 UTC
CC List: 1 user

Runtime testing required: ---


Attachments
patch (dovecot.patch, 2.07 KB, text/plain), 2009-09-15 16:40 UTC, kiorky
Better patch that sticks to the dovecot wiki by adding a special group. (dovecot.patch, 2.35 KB, text/plain), 2009-09-15 18:26 UTC, kiorky

Description kiorky 2009-09-15 16:32:29 UTC
deliver needs to have world permission removed!

Reproducible: Always

Steps to Reproduce:
1. emerge =net-mail/dovecot-1.2.4
2. configure dovecot to act as a LDA for any smtp

Actual Results:
3. See that your mails are all bounced with:

Sep 15 18:30:17 pigeon postfix/pipe[17864]: 36C37A07B10B6: to=<kiorky@cryptelium.net>, relay=dovecot, delay=0.09, delays=0.03/0.01/0/0.05, dsn=5.3.5, status=bounced (local configuration error. Command output: /usr/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids )

Expected Results:
mail delivered to mailbox

The fix is simple: remove the world permissions (o-rwx).
Comment 1 kiorky 2009-09-15 16:40:27 UTC
Created attachment 204224 [details]
patch
Comment 2 kiorky 2009-09-15 18:26:14 UTC
Created attachment 204229 [details]
Better patch that sticks to the dovecot wiki by adding a special group.


Dixit:
"You can do this by making sure only your MTA has execution access to it."

Thus, you can for example add something like this in your postfix configuration:
dovecot    unix    -       n       n       -       -       pipe
  flags=DRhu user=dovecot:mail
  argv=/usr/libexec/dovecot/deliver  -n -f ${sender} -d ${user}@${nexthop}
Comment 3 kiorky 2009-09-16 09:07:43 UTC
I forgot to say that this patch makes deliver belong to the mail group.
With that manip', you can configure your applications to use some user which is in that group and thus gain the right to use deliver while the rest of the system may be secured.
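Added example, not part of the bug report or of Gentoo's ebuild: a small audit script for the combination deliver refuses in the bounce above (setuid to a privileged owner and world-executable), plus the fix from the description and Comments 2 and 3 (drop the "other" bits, keep the binary reachable only through a group such as mail). It assumes a POSIX find that accepts octal -perm, a writable temp directory, and a hypothetical OWNER argument (default root) so the demo can run as a non-root user on a constructed file.

```shell
#!/bin/sh
# Added example (not from the bug or the ebuild): audit a binary for
# "setuid to OWNER and world-executable", then apply the group-restricted
# layout from the report.

# Usage: audit_setuid_world_exec FILE [OWNER]
# Prints "unsafe" and returns 1 when FILE is setuid, owned by OWNER
# (default root, as for deliver) and executable by others; prints "ok"
# and returns 0 otherwise; prints "missing" and returns 2 if absent.
audit_setuid_world_exec() {
    file=$1
    owner=${2:-root}
    [ -e "$file" ] || { echo "missing"; return 2; }
    # -perm -4001: setuid bit AND other-execute bit must both be set.
    # -prune keeps find from descending if FILE is a directory.
    if [ -n "$(find "$file" -prune -user "$owner" -perm -4001 2>/dev/null)" ]; then
        echo "unsafe"
        return 1
    fi
    echo "ok"
    return 0
}

# Usage: restrict_to_group FILE GROUP
# The fix from the report: strip all "other" permissions so only root and
# members of GROUP (the group the MTA's pipe user belongs to) can run it.
# chgrp to a group you are not in needs root, so its failure is reported
# on stderr rather than aborting.
restrict_to_group() {
    file=$1
    group=$2
    chmod o-rwx "$file" || return 1
    chgrp "$group" "$file" 2>/dev/null || echo "note: chgrp $group $file needs root" >&2
    return 0
}

# Demo on a constructed temp file (not a real deliver binary): mimic the
# shipped 4755 layout as far as a non-root user can, audit, fix, re-audit.
demo() {
    tmp=$(mktemp) || return 1
    chmod 4755 "$tmp"
    before=$(audit_setuid_world_exec "$tmp" "$(id -un)") || :   # status 1 = unsafe
    restrict_to_group "$tmp" "$(id -gn)"
    after=$(audit_setuid_world_exec "$tmp" "$(id -un)")
    rm -f "$tmp"
    echo "before=$before after=$after"                          # before=unsafe after=ok
}
```

Run `demo` (or point audit_setuid_world_exec at /usr/libexec/dovecot/deliver as root) to see the check flip from unsafe to ok once the other bits are gone.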
Comment 4 Patrick Lauer gentoo-dev 2009-09-18 14:37:18 UTC
+  18 Sep 2009; Patrick Lauer <patrick@gentoo.org> dovecot-1.2.4.ebuild:
+  Improving suid behaviour, fixes #285108. Thanks to kiorky for the patch.