*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Just how more insecure is it to mount /var on OpenBSD (3.5 patch) suid? It is mounted nosuid by default, but I could not manage to make vqadmin and qmailadmin work with /var mounted as nosuid.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
That means you're allowed to execute suid binaries and scripts on that partition, which can be particularly bad in the case of /var since that's where Apache and BIND live, and also the mail spool, cron spool, etc... All of those are potential vectors for attack. If an attacker manages to find an suid script on that partition, or an suid binary, and they can exploit it with a buffer overflow, or by forcing it to exectute commands of their choosing, you'll be rooted. Of all the partitions, /var is probably the one you least want to mount with suid allowed.
Is there a particular reason you want qmail? Postfix works great on OpenBSD and is well supported. It's easier to setup and use than Qmail and it has a native port (unlike Qmail). The OpenBSD Sendmail (installed by default) is also quite a bit more secure than the normal Sendmail, because the OpenBSD developers have hardened it a great deal (although it's still an exercize in frustration to try to edit the configuration).
Yes, qmail comes with a set of useful apps for administration, namely vqadmin and qmailadmin. I need those, especially the possibility that users can setup autoreply messages from the web interface alone, that domain admins can add and modify users within their domains (from the web interface) etc.
I am also more than satisfied with postfix and have used it extensively. I now have a running system supporting virtual domains and all security/privacy related addons, but it seems unlikely to find a web interface that will enable the normal user to, say, mamange his own vacation message, the domain admin user to use the web interface to add/delete users, makes new forwards, delete the old ones etc. The postfix+courier imap+authuserdb works just perfectly for me and I need absolutely nothing more as far as the server itself is considered. But users here want comodity and I simply have to see to it that they get it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
