spamassassin a possible security risk?
John Thompson
JohnThompson at new.rr.com
Tue Oct 19 02:36:17 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Miller wrote:
| On Mon, Oct 18, 2004 at 09:13:20PM -0500, John Thompson wrote:
|
|>Try "grep spamd /var/log/maillog" and see if your spamd is reverting to
|>"nobody" when it runs.
|
|
| :) Either you're presenting a subtle socratic argument here, or you didn't
| try this yourself -- if you did, you'd see that it is setting its id
to that
| of the calling user when it runs. Even better.
Not on my FreeBSD machine:
Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
specified with -u, not found, or set to root. Fall back to nobody.
~ ^^^^^^^^^^^^^^^^^^^
Oct 18 21:27:30 amayatra spamd[51657]: processing message
Maybe Fedora is different, but like I said, I don't run SA on Fedora.
- --
- -John (john at os2.dhs.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBdH2hjXa7jixmuZsRAgKsAJ9ewVwFCPAfBdagnxsaozTCniBwUACguv7S
d5AIVfrTn1qVFmOqCO+WY/Q=
=pdal
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list