[bug-mailutils] pop3d: setting up chroot simply

[Stephen Gildea]

I'd like to propose a model for the mailutils daemons pop3d and imap4d
whereby they could be chrooted while interacting with clients without
requiring the sysadmin to copy lots of files from /etc and /lib into the
chroot subdirectory.

The basic model, borrowed from BIND named, is do much of the start-up
initialization (which needs to open lots of system files) before doing
the chroot.

I think a good place to do the chroot would be where the daemons
currently do setuid.  At this point we are finished accessing /etc files
and are about to look at the user's mailbox only.

Perhaps the mu_auth_data struct could be changed to separate the mailbox
element into mailbox_dir and mailbox_file.  Then the daemon could chroot
to the mailbox_dir and access the mailbox_file in the current directory.

The code in pop3d/user.c:pop3d_user() might then look like this:

  chroot (auth_data->mailbox_dir);
  chdir ("/");
  setuid (auth_data->uid);
  if ((status = mailbox_create (&mbox, auth_data->mailbox_file)) != 0
      ...

Note that chroot is only useful if the process also drops root
privileges.  Thus even for virtual domains/users, the daemon must have a
non-root UID to run as.

I have mailutils 0.6.90 on Debian Sarge.

 < Stephen