[Rspamd-Users] Control rspamd depending on subject content

G.W. Haywood rspamd at jubileegroup.co.uk
Sat Jan 20 12:35:33 UTC 2024


Hi there,

On Sat, 20 Jan 2024, Andreas wrote:
> Am Samstag, 20. Januar 2024, 11:16:04 CET schrieb G.W. Haywood:
>>> ...
>>
>> In general I would advise against all use of sudo on a mail server
>> which is exposed to the Internet.  Its use makes the steps from an
>> initial compromise to full control of the machine very much easier
>> for the criminals.  ...
> ...
> I find the warning expose at the beginning a little
> inappropriate. We all know that a normal user on Linux cannot change
> anything in the system. ...
> ...

That's how it's supposed to work, but often it doesn't.  Try searching
for "Linux CVE privilege escalation" for example.

https://www.cve.org/CVERecord?id=CVE-2023-33952
https://www.cve.org/CVERecord?id=CVE-2023-32629
https://www.cve.org/CVERecord?id=CVE-2023-32233
https://www.cve.org/CVERecord?id=CVE-2023-22809
https://www.cve.org/CVERecord?id=CVE-2023-4911
...

I have in the past used a vulnerability like this to hack into one of
my own systems when I lost the root password, just because at the time
it was more convenient than rebooting it.  The hack was trivial.  IIRC
the vulnerability had been present in the system for over a decade.

CVE-2023-22809 is particularly interesting in this context.  But if the
initial compromise happens to have given access for the malicious actor
to an account listed in 'sudoers' then it might already be game over.  See
for example (random link taken from a search):

https://superuser.com/questions/1495807/can-someone-explain-what-is-user-all-all-nopasswdall-does-in-sudoers-file

-- 

73,
Ged.
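The thread above turns on one point: an account that appears in sudoers with an unrestricted rule (the `user ALL=(ALL) NOPASSWD:ALL` shape from the linked question) turns any foothold into root. The script below is an added example for auditing that condition; it is not from the mailing-list thread and is not part of rspamd. It parses the common user-specification shape of sudoers and flags every rule whose command list contains `ALL`, ranking rules that need no password highest. Aliases, `Defaults` and `#include` lines are skipped rather than expanded, so an `ALL` hidden behind a `Cmnd_Alias` is not seen; on a real host, cross-check with `sudo -l -U <user>`, which prints the resolved view. The sudoers text at the bottom is constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Audit sudoers rules that make post-compromise escalation trivial.

Added example, not code from the rspamd project or the mailing-list thread.
Understands the common user-specification shape

    who  hosts = (runas) [NOPASSWD:|PASSWD:] command, command, ...

and reports rules whose command list contains the special value ALL.
"""
import re
import sys
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Lines that are not user specifications; they are skipped, not expanded.
SKIP_PREFIXES = ("#", "Defaults", "User_Alias", "Cmnd_Alias",
                 "Host_Alias", "Runas_Alias")
RUNAS_RE = re.compile(r"^\(([^)]*)\)\s*")   # "(root)" or "(ALL:ALL)"
TAG_RE = re.compile(r"^([A-Z_]+):\s*")      # "NOPASSWD:", "PASSWD:", ...


@dataclass
class Finding:
    line_no: int
    who: str          # user or %group the rule applies to
    severity: str     # critical / high / medium
    reason: str


def _logical_lines(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (first_line_no, line) pairs, joining backslash-continued lines."""
    buf: List[str] = []
    start = 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf).strip()
        buf = []
    if buf:
        yield start, " ".join(buf).strip()


def audit_sudoers(text: str) -> List[Finding]:
    """Return one Finding per rule that grants ALL commands to a non-root principal."""
    findings: List[Finding] = []
    for no, line in _logical_lines(text):
        if not line or line.startswith(SKIP_PREFIXES) or "=" not in line:
            continue
        lhs, _, spec = line.partition("=")
        lhs_parts = lhs.split()
        if len(lhs_parts) != 2:          # expect "who hosts"
            continue
        who = lhs_parts[0]
        if who == "root":                # root gains nothing from sudo
            continue
        # In sudoers, the (runas) group and tags such as NOPASSWD: persist
        # across the comma-separated command list until overridden, so they
        # are tracked as state while walking the items.
        runas, nopasswd = "root", False
        for item in (s.strip() for s in spec.split(",")):
            m = RUNAS_RE.match(item)
            if m:
                runas = m.group(1).split(":")[0] or "root"
                item = item[m.end():]
            while (m := TAG_RE.match(item)):
                tag = m.group(1)
                if tag == "NOPASSWD":
                    nopasswd = True
                elif tag == "PASSWD":
                    nopasswd = False
                item = item[m.end():]
            if item != "ALL":
                continue
            as_root = runas in ("root", "ALL")
            if nopasswd and as_root:
                sev, why = "critical", f"any command as {runas} with no password"
            elif as_root:
                sev, why = "high", f"any command as {runas}; the account's own password suffices"
            else:
                sev, why = "medium", f"any command as {runas}"
            findings.append(Finding(no, who, sev, why))
    return findings


# Constructed sample sudoers text for the demonstration; not from any real host.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD:ALL
backup  ALL = (root) NOPASSWD: /usr/bin/rsync, /usr/bin/tar
www     ALL = (www-data) ALL
ops     ALL = /usr/bin/systemctl restart rspamd, \\
              /usr/bin/systemctl status rspamd
"""


def main(argv: List[str]) -> int:
    # Usage: audit_sudoers.py [/etc/sudoers]; with no argument the sample is used.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_SUDOERS
    findings = audit_sudoers(text)
    for f in findings:
        print(f"line {f.line_no}: {f.who}: [{f.severity}] {f.reason}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments to see the three flagged rules in the sample (`%sudo`, `deploy`, `www`); the `backup` and `ops` rules, which name specific commands, are not reported. The non-zero exit status when anything is flagged lets the script sit in a configuration check.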

