Difference between revisions of "File Safety Checks"
m |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 62: | Line 62: | ||
=== SSL Files === | === SSL Files === | ||
| − | These are SSL key, certificate and certificate authority (CA) files. They are configured using <tt>tls</tt> | + | These are SSL key, certificate and certificate authority (CA) files. They are configured using <tt>tls-file-checks</tt> |
block statement: | block statement: | ||
<source> | <source> | ||
| − | tls { | + | tls-file-checks { |
| − | + | key-file <arg: list>; # Configures safety checks for the key file. | |
| − | + | cert-file <arg: list>; # Configures safety checks for the certificate file. | |
| − | key-file | + | ca-file <arg: list>; # Configures safety checks for that file. |
| − | |||
| − | cert-file | ||
| − | |||
| − | ca-file | ||
}; | }; | ||
</source> | </source> | ||
| Line 79: | Line 75: | ||
The keywords configuring file-specific tests and their corresponding defaults are as follows: | The keywords configuring file-specific tests and their corresponding defaults are as follows: | ||
| − | ;key-file | + | ;key-file |
: Safety checks for the SSL key file. The default is: <tt>all</tt>. | : Safety checks for the SSL key file. The default is: <tt>all</tt>. | ||
| − | ;cert-file | + | ;cert-file |
: Safety checks for the SSL certificate file. The default is: <tt>+awrfil +gwrfil +linkwrdir</tt>. | : Safety checks for the SSL certificate file. The default is: <tt>+awrfil +gwrfil +linkwrdir</tt>. | ||
| − | ;ca-file | + | ;ca-file |
: Safety checks for the SSL certificate authority file. The default is: <tt>+awrfil +gwrfil +linkwrdir</tt>. | : Safety checks for the SSL certificate authority file. The default is: <tt>+awrfil +gwrfil +linkwrdir</tt>. | ||
| Line 91: | Line 87: | ||
<source> | <source> | ||
| − | tls { | + | tls-file-checks { |
| − | ssl-key | + | ssl-key -grdfil; |
| − | |||
} | } | ||
</source> | </source> | ||
| Line 99: | Line 94: | ||
=== The Forward File === | === The Forward File === | ||
| − | The '''forward''' file supported by [[ | + | The '''forward''' file supported by [[mda]] and [[lmtpd]] is a traditional '''dot-forward''' file controlling mail forwarding for the system user. By default, the following checks are applied to it: <tt>awrfil gwrfil linkwrdir awrdir gwrdir</tt>. Additionally, the file is required to be owned by the user it belongs to. |
{{Note|That latter check should perhaps be configurable too, but currently there is no way to disable it.}} | {{Note|That latter check should perhaps be configurable too, but currently there is no way to disable it.}} | ||
| − | Safety checks for the forward file are controlled by the <tt>forward | + | Safety checks for the forward file are controlled by the <tt>forward.file-checks</tt> statement. For example: |
<source> | <source> | ||
| − | forward | + | forward { |
| + | # Process forward file. | ||
| + | file ".forward"; | ||
| + | # Configure safety checks for the forward file. | ||
| + | file-checks default -gwrdir; | ||
| + | } | ||
</source> | </source> | ||
| + | |||
| + | === DBM Files === | ||
| + | |||
| + | Checks applied to various DBM files are controlled [[Database URL#param|individually]] for each database. | ||
== See also == | == See also == | ||
Latest revision as of 13:12, 6 November 2019
Introduction
Some files used by GNU Mailutils keep confidential information and should be accessible for a limited set of system users. Before using such files, Mailutils applies to them a series of safety checks. The file will be used only if all of the checks succeed. The number and purpose of these checks depend on the file being checked and can be configured.
Implemented Checks
For the configuration purposes, each check has a symbolic name, which can be used to request or disable it. The table below lists all file safety checks implemented so far along with their names and descriptions. The checks are listed in the order of decreasing priority, which is also the order in which they are applied.
- awrfil
- Fails if the file is world-writable (all-writable file).).
- gwrfil
- Fails if the file is group-writable (group-writable file).
- linkwrdir
- Fails if the file is a symbolic link located in a (world- or group-) writable directory (Linked file in writable directory).
- awrdir
- Fails if the file is located in a world-writable directory (all-writable directory).
- gwrdir
- Fails if the file is located in a group-writable directory (group-writable directory).
- ardfil
- Fails if the file is world-readable (all-readable file).
- grdfil
- Fails if the file is group-readable (group-readable file).
Configuration
Several configuration file keywords are provided to control safety checks applied to various files used by Mailutils. All of them take as their argument a white-space separated list of check names. Each check name, when listed, enables the corresponding check, unless preceded by a dash (-) which disables it. For symmetry, a name can be preceded by a plus sign, which does not alter its meaning. The checks specified this way alter the default safety checks for that particular file. For example, consider the following specification:
-grdfil -ardfil linkwrdir
It relaxes the default set of checks by allowing the file to be group or world-readable, and tightens it on the other hand, by forbidding linked file in a writable directory.
To facilitate configuration, the following special keywords are also provided:
- all
- Enables all the above checks.
- none
- Disables all checks.
- default
- Stands for a default check set for the file in question.
Thus, to enable only ardfil and awrfil checks one would write:
none +ardfil +awrfil
Checked Files
This section discussed files to which the security checks are applied.
SSL Files
These are SSL key, certificate and certificate authority (CA) files. They are configured using tls-file-checks block statement:
tls-file-checks {
key-file <arg: list>; # Configures safety checks for the key file.
cert-file <arg: list>; # Configures safety checks for the certificate file.
ca-file <arg: list>; # Configures safety checks for that file.
};The keywords configuring file-specific tests and their corresponding defaults are as follows:
- key-file
- Safety checks for the SSL key file. The default is: all.
- cert-file
- Safety checks for the SSL certificate file. The default is: +awrfil +gwrfil +linkwrdir.
- ca-file
- Safety checks for the SSL certificate authority file. The default is: +awrfil +gwrfil +linkwrdir.
For example, the following configuration allows the key file to be group-readable:
tls-file-checks {
ssl-key -grdfil;
}The Forward File
The forward file supported by mda and lmtpd is a traditional dot-forward file controlling mail forwarding for the system user. By default, the following checks are applied to it: awrfil gwrfil linkwrdir awrdir gwrdir. Additionally, the file is required to be owned by the user it belongs to.
Safety checks for the forward file are controlled by the forward.file-checks statement. For example:
forward {
# Process forward file.
file ".forward";
# Configure safety checks for the forward file.
file-checks default -gwrdir;
}DBM Files
Checks applied to various DBM files are controlled individually for each database.
