Rewriting amavisd.conf

Alexander Wirt formorer at formorer.de
Fri Oct 12 15:10:23 CEST 2018


On Fri, 12 Oct 2018, Patrick Ben Koetter wrote:

> * Ralph Seichter <m16+amavis at monksofcool.net>:
> > On 12.10.18 14:06, Patrick Ben Koetter wrote:
> > 
> > > I would like to come up with a completely new amavisd.conf.
> > 
> > Personally, I use /etc/amavisd.conf.d to hold several portions of the
> > configuration (which are versioned with Git), and a Makefile to generate
> > /etc/amavisd.conf from these portions. I wonder if this can be mimiced
> > without the Makefile.
> 
> As Alexander pointed out, debian uses /etc/amavis/conf.d and IIRC reads in
> anything that ends on *.conf. This allows the distribution to ship
> distribution-specific defaults without modifying the programs source code.
> 
> And they prepend numbers to the conf files, which then controls the order in
> which they are read when amavis starts. Last match wins. Also nice.
> 
> But - Alex please correct me if I'm wrong – the last time I had a closer look
> at this mechanism, the default directory permissions allowed anyone to create
> files in /etc/amavis/conf.d. This would allow an attacker with shell access to
> place a file in /etc/amavis/conf.d that would be read in last, thus overriding
> all previous settings.
> 
> Even if the distribution does a good job on this, it is still upon the
> distribution to add this bit of security. I'm uncertain if we should leave
> this room for "getting it wrong".
drwxr-xr-x  2 root root 4096 Okt 12 15:08 conf.d

> 
> We could, however use /etc/amavis/conf.d/*.conf and only read them if the
> permissions are 640 and ownership is either root, $daemon_user or
> $damon_group.
In my eyes this is a typical distribution job to get things like that right. 
However, nothing stops us to provide a proper Makefile that get things right
oob.

Alex


More information about the amavis-devel mailing list