Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security-concerns: world-readable configuration-files containing database-credentials #349

Open
tomcrus001 opened this issue Nov 1, 2020 · 3 comments
Open

Security-concerns: world-readable configuration-files containing database-credentials #349

tomcrus001 opened this issue Nov 1, 2020 · 3 comments
Labels
security Sécurity

Comments

@tomcrus001
Copy link

tomcrus001 commented Nov 1, 2020
edited
Loading

Impacted versions

  • Distribution: Ubuntu (but propably any others too)
  • Codename: 18.04
  • Arch: 64 Bits
  • Database: MySQL

Steps to reproduce

normal Installation using modoboa-install's run.py

Full trace using --debug option or current behaviour

Expected behavior

following files containing database-credentials mustn't be world-readable

  • /etc/postfix/sql*.cf
  • /etc/dovecot/dovecot-sql-master.conf.ext
  • /usr/local/bin/postlogin.sh
  • /etc/opendkim.conf
  • /srv/modoboa/instance/instance/settings.py
  • maybe some others I have not yet discovered

After having done a fresh installation using modoboa-install:

tomcrus@vserver:/etc/dovecot$ ls -l /srv/modoboa/instance/instance/settings.py 
-rw-rw-r-- 1 modoboa modoboa 9467 Nov  1 02:34 /srv/modoboa/instance/instance/settings.py

admin@vserver:/etc/dovecot$ ls -l /etc/postfix/sql*.cf
-rw-r--r-- 1 root root  440 Nov  1 02:39 /etc/postfix/sql-aliases.cf
-rw-r--r-- 1 root root  400 Nov  1 02:39 /etc/postfix/sql-domain-aliases.cf
-rw-r--r-- 1 root root  319 Nov  1 02:39 /etc/postfix/sql-domains.cf
-rw-r--r-- 1 root root  492 Nov  1 02:39 /etc/postfix/sql-maintain.cf
-rw-r--r-- 1 root root  308 Nov  1 02:39 /etc/postfix/sql-relay-recipient-verification.cf
-rw-r--r-- 1 root root  324 Nov  1 02:39 /etc/postfix/sql-relaydomains.cf
-rw-r--r-- 1 root root 1198 Nov  1 02:39 /etc/postfix/sql-sender-login-map.cf
-rw-r--r-- 1 root root  516 Nov  1 02:39 /etc/postfix/sql-spliteddomains-transport.cf
-rw-r--r-- 1 root root  323 Nov  1 02:39 /etc/postfix/sql-transport.cf

admin@vserver:/etc/dovecot$ ls -l /etc/dovecot/dovecot-sql-master.conf.ext 
-rw-r--r-- 1 root root 5615 Nov  1 02:41 /etc/dovecot/dovecot-sql-master.conf.ext

admin@vserver:/etc/dovecot$ ls -l /usr/local/bin/postlogin.sh 
-rwxr-xr-x 1 root root 260 Nov  1 02:41 /usr/local/bin/postlogin.sh

admin@vserver:/etc/dovecot$ ls -l /etc/opendkim.conf
-rw-r--r-- 1 root root 3304 Nov  1 02:39 /etc/opendkim.conf
@tomcrus001
Copy link
Author

Note for the file /usr/local/bin/postlogin.sh: this was already mentioned some time ago: postlogin.sh script is public read and should not be

Also note about this script file's usage of mysql-command: Annoing warning in error log with mysql DB

@tomcrus001
Copy link
Author

Note also, that most probably it doesn't suffice to just remove all those world-readable permission as this will lead to some service stop working due to miss configuration

@kryskool kryskool added the security Sécurity label Nov 5, 2020
@tonioo
Copy link
Member

tonioo commented Nov 5, 2020

@tomcrus001 I think we can modify permissions of most files and remove the read flag for group and other categories. The settings.py file is a special case since management commands are not always run by the root user. I guess we can remove the read flag for others but leave it for group but it requires to check if every involved user is in the modoboa group.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Sécurity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kryskool @tonioo @tomcrus001