Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-27-2011, 04:43 PM
|
#1
|
Member
Registered: Mar 2010
Location: INDIA (chennai)
Distribution: centos
Posts: 271
Rep:
|
Running fetchmail as root
Hi all,
I run fetchmail to download all my emails from remote mail server to my linux server.
But every time when i run fetchmail -v i am getting a warning that
" Running as root is discouraged"
I just want to know whether it is unsecure to run fetchmail as root user.
Can anyone explain me the effects of running fetchmail as root.
Thanks in advance,
Dinesh.
Last edited by dinakumar12; 04-27-2011 at 04:44 PM.
|
|
|
Click here to see the post LQ members have rated as the most helpful post in this thread.
|
04-27-2011, 05:10 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,414
|
Quote:
Originally Posted by dinakumar12
Hi all,
I run fetchmail to download all my emails from remote mail server to my linux server. But every time when i run fetchmail -v i am getting a warning that
" Running as root is discouraged"
I just want to know whether it is unsecure to run fetchmail as root user.
|
Obviously, or you wouldn't get that message.
Quote:
Can anyone explain me the effects of running fetchmail as root.
Thanks in advance,
Dinesh.
|
Yes...the man page for Fetchmail can shed some light, as can Google. From the man page:
Code:
...could open a security hole, because they pass text manipulable by an attacker to a shell command. Potential shell characters are
replaced by '_' before execution. The hole is further reduced by the fact that fetchmail temporarily discards any suid privileges it
may have while running the MDA. For maximum safety, however, don't use an mda command containing %F or %T when fetchmail is run from
the root account itself.
|
|
2 members found this post helpful.
|
04-28-2011, 08:54 AM
|
#3
|
Member
Registered: Mar 2010
Location: INDIA (chennai)
Distribution: centos
Posts: 271
Original Poster
Rep:
|
Hi TB0ne,
Thanks for your reply. I will now change my fetchmail process to own by user other than root.
But still i cant understand the risks involved in running fetchmail as root clearly. But i will google for that.
Thank you again.
|
|
|
04-28-2011, 10:23 AM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,414
|
Quote:
Originally Posted by dinakumar12
Hi TB0ne,
Thanks for your reply. I will now change my fetchmail process to own by user other than root.
But still i cant understand the risks involved in running fetchmail as root clearly. But i will google for that.
Thank you again.
|
You can't?? Even after reading the piece from the man page I posted?
Think about it...fetchmail processes an email with a script attached. Again, reading the man page will explain things further, but if you're running as root, that script can do ANYTHING. Not running as root? It can't.
|
|
|
04-28-2011, 12:59 PM
|
#5
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
dinakumar12, You need to think of this in terms of "what if this were to happen". See this CVE regarding Fetchmail. It is an example where a bug allowed a user to execute arbitrary code with the privilege of the user that Fetchmail is executing as. If you are running as root, the attacker would have root access to your machine and the data on the machine would now be forfeit.
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 03:17 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|