SUMMARY: Restricting malicious access to mounted /var/mail

Rasana Atreya (atreya@library.ucsf.edu)
Thu, 29 May 1997 10:40:11 -0700

Hi Managers,

My original post:

> /var/mail is mounted from the mail server to all workstations on our subnet.
> Root access on the mail server is tightly restricted, but root access on
> generic machines is not (users demand root access to their own machines). So
> anyone could do 'su - other_user' and read someone else's mail.
>
> Is there a way of restricting this? 'sudo' will not work because everyone
> wants complete root access to their machines. Sigh!

There were a lot of good suggestions (all listed below). I'm thinking about
going the procmail way.

Thanks to:

From: Glenn Satchell - Uniq Professional Services <Glenn.Satchell@uniq.com.au>
From: Chris Marble <cmarble@orion.ac.hmc.edu>
From: Michael Kohne <mhkohne@moberg.com>
From: Anthony.Worrall@reading.ac.uk (Anthony Worrall)
From: nobroin@esoc.esa.de (Niall O Broin)
From: Ian_MacPhedran@mackenzie.usask.ca
From: Rich Kulawiec <rsk@itw.com>
From: Christopher L Haggard <chaggard@fedex.com>
From: Larry Williamson <larry@mitra.com>
From: "J.P. Racine" <admin@efni.com>
From: john benjamins <johnb@Soliton.COM>
From: sysadmin@lvision.com (Systems Admin)
From: scott hollatz <shollatz@d.umn.edu>
From: David Fetrow <fetrow@biostat.washington.edu>
From: "Kai O'Yang" <oyang@phoebe.fcit.monash.edu.au>
From: "Rich Snyder" <rsnyder@eos.hitc.com>

Rasana

---------------------------------------------------------------------------
Suggestions:

- Absolutely restrict root access.

- Keep /var/mail local to the mail server and distribute mail via user .forward
files or the sendmail alias file. People have seen mail get misplaced (e.g.
delivered to the mail host) when the remotely mounted home directories were
not available; the alias file approach was recommended.

- Do not mount /var/mail. Instead, have users log in to the mail server to
check their mail.

- Look at the root=<host> option in "man share_nfs".

- Use procmail as the local delivery agent, so all mail can be sent to users'
accounts directly.

- Use IMAP instead of NFS to handle the email store. It's something like a
more versatile POP. It's designed with the idea of having thousands of
accounts in a single store in mind but it works OK with less. Try with pine
mailer.
http://www.cac.washington.edu/imap
http://www.washington.edu/pine/

- Offer the mail via POP3.

- Put a wrapper on su, maybe, that checks who the user is su'ing to. But if
they have root access they could just blow away the wrapper.

- Mount each user's mailbox dir to only their machine (cumbersome if you have
a lot of users).

- Use a program like fetchmail to get it via POP or IMAP.

- What about using secure NFS? Haven't tried it, but it might solve this problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Rasana Atreya Voice: (415) 476-3623 ~
~ System Administrator Fax: (415) 476-4653 ~
~ Library & Ctr for Knowledge Mgmt, Univ. of California at San Francisco ~
~ 530 Parnassus Ave, Box 0840, San Francisco, CA 94143-0840 ~
~ atreya@library.ucsf.edu ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
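
An added example, not part of the original post or of any reply: a Python audit of Solaris-style dfstab share lines for the mail spool, relating to the root=<host> and secure NFS suggestions above. It shows that leaving out root= does not address the 'su - other_user' problem, because without an authenticated RPC flavor the server accepts whatever UID the client sends. The sample lines, hostnames and spool paths are constructed assumptions.

```python
import shlex

# Constructed sample dfstab lines; hostnames ws1..ws3 are made up.
SAMPLE_DFSTAB = """\
share -F nfs -o rw=ws1:ws2,root=ws1 /var/mail
share -F nfs -o rw,secure /export/home
share -F nfs -o sec=dh,rw=ws3 /var/spool/mail
"""
MAIL_SPOOLS = ("/var/mail", "/var/spool/mail")  # assumed spool locations


def parse_share(line):
    """Return (path, options) for a 'share' line, or None for anything else."""
    words = shlex.split(line, comments=True)
    if not words or words[0] != "share":
        return None
    opts = {}
    if "-o" in words[:-1]:
        for item in words[words.index("-o") + 1].split(","):
            key, _, value = item.partition("=")
            opts[key] = value.split(":") if value else []
    return words[-1], opts


def audit(dfstab_text, spools=MAIL_SPOOLS):
    """Flag mail spool shares where the server trusts client-supplied UIDs."""
    findings = []
    for line in dfstab_text.splitlines():
        parsed = parse_share(line)
        if parsed is None or parsed[0] not in spools:
            continue
        path, opts = parsed
        # 'secure', 'kerberos' or sec=<mode other than sys/none> means the
        # share asks for authenticated RPC instead of plain UNIX credentials.
        strong = "secure" in opts or "kerberos" in opts or any(
            m not in ("sys", "none") for m in opts.get("sec", []))
        if not strong:
            lists = [opts[k] for k in ("rw", "ro") if k in opts]
            everyone = not lists or [] in lists  # no host list = all clients
            who = "every client" if everyone else ", ".join(sum(lists, []))
            findings.append((path, "authsys",
                             f"UIDs sent by {who} are trusted as-is"))
        if "root" in opts:
            findings.append((path, "root-mapped",
                             "uid 0 kept for " + ", ".join(opts["root"])))
    return findings


if __name__ == "__main__":
    for path, code, detail in audit(SAMPLE_DFSTAB):
        print(f"{path}: [{code}] {detail}")
```
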