Bug 58286

Summary: please add a CHROOT flag to pop/imap servers
Product: [Retired] Red Hat Linux
Component: imap
Version: 7.2
Hardware: i386
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: high
Keywords: Security
Reporter: Stig Hackvan <stig-redhat-bugzilla>
Assignee: Mike A. Harris <mharris>
QA Contact: David Lawrence <dkl>
Doc Type: Bug Fix
Last Closed: 2002-01-12 23:24:57 UTC

Description Stig Hackvan 2002-01-12 23:24:52 UTC
/usr/share/doc/imap-2000c/CONFIG gives instructions for increasing the security 
of pop/imap by hacking the code and recompiling.  following these instructions 
makes it impossible to participate in redhat upgrades.

imap as being historically one of the banes of linux/redhat security (remember 
the 5.x fiasco?) should, like named, take a command-line argument to allow 
chrooting the server immediately after authentication is complete.

below is the patch I use...mail goes to ~/mail/INBOX and the user is chrooted 
to ~/mail ...  it seems that ~/mail and INBOX should be two separate command-
line options to '/usr/sbin/imapd'

       stig

I tag this as 'high/security' because if the servers aren't chrooted, the 
server is much more vulnerable to bugs in the post-login segment of the 
server's code...and if you chroot the server, security updates for pre-chroot 
exploits cannot be located by up2date.





## /usr/src/redhat/SOURCES >> more imap-chroot.patch 
--- imap-2000c/src/osdep/unix/env_unix.c        Fri Dec  7 21:07:40 2001
+++ imap-2000c.hacked/src/osdep/unix/env_unix.c Fri Dec  7 21:17:44 2001
@@ -1,3 +1,5 @@
+#define CHROOT_SERVER 1
+
 /*
  * Program:    UNIX environment routines
  *
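Review bot: The `#define CHROOT_SERVER 1` added at the top of env_unix.c turns the chroot on unconditionally for every build of this file, which is still the edit-and-recompile approach the report wants to get away from. Pass the macro from the build (for example `-DCHROOT_SERVER` in the compiler flags) or, better, replace the `#ifdef` with a run-time setting so a stock binary can be switched by a command-line option.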
@@ -532,6 +534,13 @@
               char *argv[])
 {
   long ret = NIL;
+#ifdef CHROOT_SERVER
+  char chroot_subdir[MAILTMPLEN];
+  /* use "mail" subdirectory of home directory */
+  sprintf (chroot_subdir,"%s/mail",home);
+#endif
+                               /* paranoid site, lock out other directories */
+  
                                /* OK if matches authorization ID */
   if (authuser && strcmp (authuser,pw->pw_name)) {
     struct group *gr = getgrnam ((char *) admin_grp);
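Review bot: `sprintf (chroot_subdir,"%s/mail",home)` writes into a fixed `MAILTMPLEN` buffer with no length check, so an over-long home directory overflows a stack buffer in code that runs before the chroot is entered. Use `snprintf (chroot_subdir,sizeof (chroot_subdir),"%s/mail",home)` and fail the login when the result is truncated. The "paranoid site" comment added after the `#endif` is also detached from the chroot call it describes; leave it next to that call.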
@@ -550,8 +559,8 @@
                                /* if same as EUID, treat as application */
   else if (pw->pw_uid == geteuid ()) ret = env_init (user,home);
 #ifdef CHROOT_SERVER
-                               /* paranoid site, lock out other directories */
-  else if (chdir (home) || chroot (home));
+  /* else if (chdir (home) || chroot (home)); */
+  else if (chdir (chroot_subdir) || chroot (chroot_subdir));
 #endif
   else {                       /* in case loginpw() smashes these */
                                /* in case user/home comes from pw struct */
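Review bot: In the new `else if (chdir (chroot_subdir) || chroot (chroot_subdir));`, a missing or unreadable `mail` subdirectory makes the call fail and the branch ends in the empty statement, skipping the final `else` with nothing logged, so an account without that directory is refused with no diagnostic. Log the directory and `errno` in that branch before falling through. The old call is left behind as a commented-out line; delete it instead of keeping it in the source.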
@@ -645,6 +654,7 @@
 ^L
                                /* use real home directory */
   myHomeDir = cpystr (home ? home : ANONYMOUSHOME);
+
   dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
   dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
 #ifndef DISABLE_AUTOMATIC_SHARED_NAMESPACES
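Review bot: The only change in this hunk is a blank line inserted after the `myHomeDir = cpystr (...)` assignment. Drop the hunk so the patch touches only the chroot and inbox logic.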
@@ -761,7 +771,11 @@
 {
   char tmp[MAILTMPLEN];
   if (!sysInbox) {             /* initialize if first time */
+#if 0 /* qmail hack --stig */
     sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
+#else 
+    sprintf (tmp,"%s/INBOX",myhomedir ());
+#endif
     sysInbox = cpystr (tmp);   /* system inbox is from mail spool */
   }
   return sysInbox;
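Review bot: The `#if 0` disables the `MAILSPOOL` inbox path for every build, chrooted or not, and the `qmail hack --stig` comment sits on the disabled branch instead of on the new `sprintf (tmp,"%s/INBOX",myhomedir ())` line it explains. Make the inbox location its own option, independent of `CHROOT_SERVER`, move the comment to the new line, and update the trailing `/* system inbox is from mail spool */` comment, which no longer holds in the `#else` branch.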



------------------
now this would seem to be close but imperfect.  it works for me for pop3, but 
doesn't work 100% for imap's needs...  (i was hoping i could get you started on 
this and you could finish it...)


it can read folders 

        0007 STATUS "big-attachments" (MESSAGES UNSEEN)
        * STATUS big-attachments (MESSAGES 6 UNSEEN 0)
        0007 OK STATUS completed

but not figure out which folders there are...

        00R4 LIST "" "*"
        * LIST (\NoInferiors) NIL INBOX
        00R4 OK LIST completed
        00R5 LSUB "" "*"
        * LSUB (\NoInferiors) NIL INBOX
        00R5 OK LSUB completed
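
Added example, not part of the posted patch or of UW imap: the chroot-after-authentication step the report asks for, with the jail path bounds-checked and the subdirectory supplied as an option instead of hard-coded. `jail_path` and `enter_jail` are hypothetical names, and `/home/alice` and `mail` are constructed sample values.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Build "<home>/<subdir>" in out. Returns 0, or -1 when home is not absolute,
 * subdir is not a single plain path component, or the result does not fit. */
int jail_path(char *out, size_t outlen, const char *home, const char *subdir)
{
    int n;
    if (!home || home[0] != '/' || !subdir || !*subdir) return -1;
    if (strchr(subdir, '/') || !strcmp(subdir, ".") || !strcmp(subdir, ".."))
        return -1;
    n = snprintf(out, outlen, "%s/%s", home, subdir);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Run as root once authentication has succeeded: enter the jail, then give up
 * root for good. Returns 0, or -1 with errno set; refuse the login on -1. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0 || chroot(dir) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;      /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) {            /* root must not be regainable */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char *argv[])
{
    char dir[1024];
    /* Constructed sample values; a server gets these from getpwnam() and its options. */
    const char *home = argc > 1 ? argv[1] : "/home/alice";
    const char *sub = argc > 2 ? argv[2] : "mail";
    if (jail_path(dir, sizeof dir, home, sub) != 0) {
        fprintf(stderr, "refusing jail directory under %s\n", home);
        return 1;
    }
    printf("jail directory: %s\n", dir);  /* enter_jail(dir, uid, gid) comes next */
    return 0;
}
```

Every path the server opens after `enter_jail` has to be expressed relative to the new root, since the pre-chroot home path no longer resolves inside the jail.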

Comment 1 Mike A. Harris 2002-01-16 16:50:27 UTC
All such new feature enhancement requests like this should be made to
upstream maintainers.  Incompatible forks of such codebases rarely
make upstream maintainers happy of any software package.  In the case
of UW imap, the codebase is developed behind closed doors with zero
community involvement, then thrown over the fence for public usage
once or twice a year or so.  The license is not GPL or BSD compatible
either, which is another point against UW imap.