On 9/7/2023 17:00:51, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Placing roundcube on its
El 8/9/23 a les 11:59, Marc ha escrit:
Since when does a hacked website gain root? What argument is next, when
your
storage solution is hacked they have access to your files? Are you not
working
with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley
> > Since when does a hacked website gain root? What argument is next, when
> your
> > storage solution is hacked they have access to your files? Are you not
> working
> > with linux? How frequent are exploits that give you a root.
>
> I was responding to jeremy ardley considering root access
>
> A web search on 'linux web server exploits that gain root' will give
> many examples.
No, not. And you better get your info for this type of stuff from cve websites
or apache vulnerability list.
> Security design by first principle assumes that an attacker will gain
> root access.
I
On 2023-09-08, Marc wrote:
> Since when does a hacked website gain root? What argument is next, when your
> storage solution is hacked they have access to your files? Are you not working
> with linux? How frequent are exploits that give you a root.
I was responding to jeremy ardley considering
On 8/9/23 16:24, Marc wrote:
Since when does a hacked website gain root?
A web search on 'linux web server exploits that gain root' will give
many examples.
Security design by first principle assumes that an attacker will gain
root access.
Best practise is to limit the damage that can
>
> There is a generic issue with doing this. That is if you have roundcube
> (or any other web mail interface) on the same server as dovecot, a
> breach of the web interface could be quite serious and allow access to
> the complete mail store.
No this is crap. user/group is are preventing this.
>
> On 2023-09-08, jeremy ardley via dovecot wrote:
>
> > The scenario you describe does not consider a breach of the web mail
> service
> > that allows root access to the file system.
> >
> > If the web service is compromised to that extent then the mail file store
> is
> > also compromised.
>
El 8/9/23 a les 10:07, Michel Verdier ha escrit:
On 2023-09-08, jeremy ardley via dovecot wrote:
The scenario you describe does not consider a breach of the web mail service
that allows root access to the file system.
If the web service is compromised to that extent then the mail file store
On 2023-09-08, jeremy ardley via dovecot wrote:
> The scenario you describe does not consider a breach of the web mail service
> that allows root access to the file system.
>
> If the web service is compromised to that extent then the mail file store is
> also compromised.
>
> If the mail file
10 matches
Mail list logo