Bug 58286 - please add a CHROOT flag to pop/imap servers
Product: Red Hat Linux
Classification: Retired
Component: imap
i386 Linux
high Severity medium
Assigned To: Mike A. Harris
David Lawrence
: Security
Reported: 2002-01-12 18:24 EST by Stig Hackvan
Modified: 2007-03-26 23:50 EDT
Last Closed: 2002-01-12 18:24:57 EST
Description Stig Hackvan 2002-01-12 18:24:52 EST
/usr/share/doc/imap-2000c/CONFIG gives instructions for increasing the security 
of pop/imap by hacking the code and recompiling.  following these instructions 
makes it impossible to participate in redhat upgrades.

imap as being historically one of the banes of linux/redhat security (remember 
the 5.x fiasco?) should, like named, take a command-line argument to allow 
chrooting the server immediately after authentication is complete.

below is the patch I use...mail goes to ~/mail/INBOX and the user is chrooted 
to ~/mail ...  it seems that ~/mail and INBOX should be two separate command-
line options to '/usr/sbin/imapd'


I tag this as 'high/security' because if the servers aren't chrooted, the 
server is much more vulnerable to bugs in the post-login segment of the 
server's code...and if you chroot the server, security updates for pre-chroot 
exploits cannot be located by up2date.

## /usr/src/redhat/SOURCES >> more imap-chroot.patch 
--- imap-2000c/src/osdep/unix/env_unix.c        Fri Dec  7 21:07:40 2001
+++ imap-2000c.hacked/src/osdep/unix/env_unix.c Fri Dec  7 21:17:44 2001
@@ -1,3 +1,5 @@
+#define CHROOT_SERVER 1
  * Program:    UNIX environment routines
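Review bot: `#define CHROOT_SERVER 1` is hard-coded at the top of env_unix.c, so every build from this source is forced into the chroot behaviour and a packager cannot turn it off without editing the file again, which is the upgrade problem the report describes. Wrap it in `#ifndef CHROOT_SERVER` or set it from the build flags, and document what it enables. The header also declares two added lines where only one is shown.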
@@ -532,6 +534,13 @@
               char *argv[])
   long ret = NIL;
+  char chroot_subdir[MAILTMPLEN];
+  /* use "mail" subdirectory of home directory */
+  sprintf (chroot_subdir,"%s/mail",home);
+                               /* paranoid site, lock out other directories */
                                /* OK if matches authorization ID */
   if (authuser && strcmp (authuser,pw->pw_name)) {
     struct group *gr = getgrnam ((char *) admin_grp);
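Review bot: `sprintf (chroot_subdir,"%s/mail",home)` writes into a fixed `MAILTMPLEN` buffer with no length check, and a later hunk's `home ? home : ANONYMOUSHOME` shows that `home` can be NULL. Check `home` first and use a bounded `snprintf` that fails the login on truncation. The "paranoid site" comment added here has also drifted away from the chroot call it describes.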
@@ -550,8 +559,8 @@
                                /* if same as EUID, treat as application */
   else if (pw->pw_uid == geteuid ()) ret = env_init (user,home);
-                               /* paranoid site, lock out other directories */
-  else if (chdir (home) || chroot (home));
+  /* else if (chdir (home) || chroot (home)); */
+  else if (chdir (chroot_subdir) || chroot (chroot_subdir));
   else {                       /* in case loginpw() smashes these */
                                /* in case user/home comes from pw struct */
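Review bot: in the new `else if (chdir (chroot_subdir) || chroot (chroot_subdir));` a missing `~/mail` directory makes `chdir` fail, and the empty statement then leaves `ret` at NIL with no diagnostic, so the login fails without saying why. Log the failing path, or verify the directory before this point. Delete the old line rather than leaving it commented out; the diff already records it.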
@@ -645,6 +654,7 @@
                                /* use real home directory */
   myHomeDir = cpystr (home ? home : ANONYMOUSHOME);
   dorc (strcat (strcpy (tmp,myHomeDir),"/.mminit"),T);
   dorc (strcat (strcpy (tmp,myHomeDir),"/.imaprc"),NIL);
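Review bot: `myHomeDir = cpystr (home ? home : ANONYMOUSHOME)` still takes the pre-chroot `home`, while the previous hunk now jails the process in `home/mail` and the next hunk builds the inbox as `myhomedir ()/INBOX`. Inside the jail that path only resolves if `home` has been reset to the jail root, so confirm where that happens. The header declares one added line but none is shown, so the posted hunk cannot be checked for it.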
@@ -761,7 +771,11 @@
   char tmp[MAILTMPLEN];
   if (!sysInbox) {             /* initialize if first time */
+#if 0 /* qmail hack --stig */
     sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
+    sprintf (tmp,"%s/INBOX",myhomedir ());
     sysInbox = cpystr (tmp);   /* system inbox is from mail spool */
   return sysInbox;
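Review bot: the `#if 0 /* qmail hack --stig */` has no `#else` or `#endif` in the posted lines (the header declares four added lines, two are shown), and read as shown it would compile out both `sprintf` calls. Restore the conditional, and make the inbox location a configuration option rather than an `#if 0`, since this moves the inbox from `MAILSPOOL` to `myhomedir ()/INBOX` for every site. The new `sprintf` into `tmp` is unbounded as well.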

now this would seem to be close but imperfect.  it works for me for pop3, but 
doesn't work 100% for imap's needs...  (i was hoping i could get you started on 
this and you could finish it...)

it can read folders 

        0007 STATUS "big-attachments" (MESSAGES UNSEEN)
        * STATUS big-attachments (MESSAGES 6 UNSEEN 0)
        0007 OK STATUS completed

but not figure out which folders there are...

        00R4 LIST "" "*"
        * LIST (\NoInferiors) NIL INBOX
        00R4 OK LIST completed
        00R5 LSUB "" "*"
        * LSUB (\NoInferiors) NIL INBOX
        00R5 OK LSUB completed
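
A bounded, race-free way to do the post-authentication chroot into `~/mail` that the report asks for, as an added example that is not part of the original report or of the UW imap source. The function names and the 1024-byte buffer are assumptions.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Build "<home>/mail" in buf. Returns 0, or -1 if home is NULL or
   relative, or the result does not fit (no silent truncation). */
int jail_path(const char *home, char *buf, size_t len)
{
    int n;
    if (!home || home[0] != '/') return -1;
    n = snprintf(buf, len, "%s/mail", home);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Open the jail without following a symlink in the last component and
   check that it is owned by the user. Returns an fd, or -1. */
int open_jail(const char *path, uid_t uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != uid) { close(fd); return -1; }
    return fd;
}

/* Call once authentication has succeeded; needs root. chroot happens
   while still root, then groups, gid and uid are dropped in that order. */
int enter_jail(const char *home, uid_t uid, gid_t gid)
{
    char dir[1024];
    int fd, rc;
    if (jail_path(home, dir, sizeof dir) != 0) return -1;
    if ((fd = open_jail(dir, uid)) < 0) return -1;
    /* fchdir + chroot(".") jails the directory that was just checked. */
    rc = (fchdir(fd) != 0 || chroot(".") != 0 || chdir("/") != 0);
    close(fd);
    if (rc) return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* If root can be regained, the jail can be escaped: treat as failure. */
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}
```

After `enter_jail` returns 0 the process sees `~/mail` as `/`, so any mailbox path built afterwards has to be relative to that root.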
Comment 1 Mike A. Harris 2002-01-16 11:50:27 EST
All such new feature enhancement requests like this should be made to
upstream maintainers.  Incompatible forks of such codebases rarely
make upstream maintainers happy of any software package.  In the case
of UW imap, the codebase is developed behind closed doors with zero
community involvement, then thrown over the fence for public usage
once or twice a year or so.  The license is not GPL or BSD compatible
either, which is another point against UW imap.
