That's a popular conception, but I don't know that it's really true. I
believe that Cyrus is a better conceived product in that it abandon's
the use of individually owned mailspools and maintains it's own
database (figuratively speaking) and amanages access to the individual
sppols. Cyrus also gives you a lot of options in terms of acls for
sharing mailboxes -- such as a collective mailbox that various people
in the department access regularly, meaning that personal passwords
don't have to be shared or group passwords created. In that kind of a
situation, since I continue to use my personal password to access the
collective maildrop, it is more secure.
The big issue, however, is sendmail. And ny effort to hack through
your mail system via your email system (i.e., through port 25) goes
through sendmail before Cyrus ever sees it, and most of those attacks
are designed to get sendmail to execute some program with its root
privileges. Since all the mailboxes are owned by the Cyrus user, what
would be more secure of a system that just does mail delivery woulkd
be a hack to sendmail so that once it attaches to port 25 it drops root
and runs as the Cyrus user. Show me a hack like that, and Cyrus wins
hands down (or two thumbs up) because you can't do that with UofW.
Mail spools are all individually owned, and sendmail has to have root
privileges in order to invoke the delivery agent with a different uid
every time. There are a lot of server programs that do just that
(i.e., do the initializations that require root as root and than drop
to a non-privleged user), and of the mail systems I've seen, Cyrus (or
it's commercial derivatives -- I know of at least one) is the only mail
server I know of that such a scheme would work with. But alas,
sendmail doersn't do that and so Cyrus's security advantage is really
pretty much restricted to the flexible application of acls to mailboxes
which eliminates the need to share common passwords and/or establish
group accounts. That advantage is more than trivial, most certainly,
but Cyrus can't help in securing the other end of the pipe, which is
sendmail.
(I know a lot of people swear by postfix, but I stick with sendmail
because I know the product and in this world of nasty hackers, using an
unfamiliar MTA is a very scarry thought. But does anyone know, can
postfix be configured to drop root to some other specified user after
it initializes?)
-- Rob
--On Wednesday, March 14, 2001 11:52:02 AM -0400 The Hermit Hacker
<[EMAIL PROTECTED]> wrote:
>
> Trying to convince a group that Cyrus is more secure, but my
> arguments are about as lame as can be :(
>
> Does anyone have a URL that I can use in my args, that compares them
> better?
>
> Thanks ...
>
> Marc G. Fournier ICQ#7615664 IRC
> Nick: Scrappy Systems Administrator @ hub.org
> primary: [EMAIL PROTECTED] secondary:
> scrappy@{freebsd|postgresql}.org
>
_ _ _ _ _ _ _ _ _ _
/\_\_\_\_\ /\_\ /\_\_\_\_\_\
/\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
/\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
/\/_/_/_/_/ /\_\ /\/_/ /\/_/
/\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
\/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
Rob Tanner
UNIX and Networks Manager
Linfield College, McMinnville OR
(503) 434-2558 <[EMAIL PROTECTED]>
