spamassassin a possible security risk?
John Thompson
JohnThompson at new.rr.com
Tue Oct 19 16:51:11 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Zehetbauer wrote:
| On Mon, 2004-10-18 at 21:36 -0500, John Thompson wrote:
|
|>Not on my FreeBSD machine:
|>
|>Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
|>Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
|>specified with -u, not found, or set to root. Fall back to nobody.
| Looks like you are ignoring two important security recommendations:
| 1.) never work as root
| 2.) root get's no mail
Actually, I'm not. spamd is started by root during system startup, but
it changes to user "nobody" when it gets called to do some work, as the
log snippet above shows. And root's mail is forwarded to me at my
regular user mailbox.
- --
- -John (john at os2.dhs.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBdUX/jXa7jixmuZsRAkc+AKDiC6K4AQGbr/A4SVO1JNjDMxswEgCaAhDE
Fef+hytQ2IjiDRViZrHzUAE=
=DlAL
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list