From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
Date: Mon, 20 Jul 2015 23:24:00 +0100

On Monday 20 Jul 2015 22:50:31 Walter Dnes wrote:
> On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote
>
> > This is all good and dandy, but letting user "nobody" read your
> > mail account passwd may not be the safest approach to sending email
> > messages from your machine.
>
>   I think you missed the point.  The "NOPASSWD:" option means that this
> one particular user "nobody" ***DOES NOT NEED THE ROOT PASSWORD*** to
> execute this one particular command which normally requires "root" level
> privileges.  I repeat, it has no need for the password.

I have not missed the point you are raising.  My concern was that "nobody" is
a user account without a login shell, to which you give access to a user file
that has a login shell and in particular to a file that contains the email
account passwd of that user.

Given that public servers and daemons often run as nobody:nogroup I would be
cautious about this.  I do not have an exact script in mind which could
potentially cause privilege escalation, but someone more skilled than I in the
dark arts could well do.

-- 
Regards,
Mick
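
A defender-side check for the concern raised in this message, as an added example that is not part of the original post: it scans sudoers text for NOPASSWD rules granted to accounts that daemons commonly share. The account list, the sample rules, the `mailuser` run-as name and the wrapper path are constructed assumptions; aliases, groups and include files are not expanded.

```python
import re

# Accounts that unrelated daemons often share; a sudo rule for one of them
# is reachable from every service running under that identity. (Assumed list.)
SHARED_ACCOUNTS = {"nobody", "daemon", "www-data"}
NON_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

# Constructed sample; the rules and paths are hypothetical.
SAMPLE = """\
# constructed sample sudoers content
Defaults env_reset
root    ALL=(ALL) ALL
alice   ALL=(root) NOPASSWD: /usr/bin/systemctl restart cron
nobody  ALL=(mailuser) NOPASSWD: /usr/local/bin/send-mail-wrapper, \\
        PASSWD: /usr/bin/id
"""

def audit_sudoers(text):
    """Return (account, command) pairs a shared account may run without a password."""
    findings = []
    text = re.sub(r"\\\n", " ", text)            # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments (and #include lines)
        if not line or "=" not in line or line.startswith(NON_RULES):
            continue
        left, right = line.split("=", 1)
        parts = left.split()
        if len(parts) < 2:
            continue
        users = {u.strip() for u in " ".join(parts[:-1]).split(",")}
        hit = sorted(users & SHARED_ACCOUNTS)
        if not hit:
            continue
        right = re.sub(r"\([^)]*\)", "", right)  # drop (runas) specifications
        nopasswd = False                         # tags carry over to later commands
        for item in right.split(","):
            tags, cmd = re.match(r"\s*((?:[A-Z_]+:\s*)*)(.*)", item).groups()
            if "NOPASSWD:" in tags:
                nopasswd = True
            elif "PASSWD:" in tags:
                nopasswd = False
            if nopasswd and cmd.strip():
                findings.extend((u, cmd.strip()) for u in hit)
    return findings

if __name__ == "__main__":
    for account, command in audit_sudoers(SAMPLE):
        print(f"review: {account} runs {command} without a password")
```

Each reported command is worth reviewing for what it can read or write on behalf of the run-as user, since any process running as the shared account can invoke it.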