include much needed antivirus products in FC2

Steven Pritchard steve at silug.org
Wed Jan 7 00:53:44 UTC 2004


On Wed, Jan 07, 2004 at 12:42:45AM +0100, Enrico Scholz wrote:
> steve at silug.org (Steven Pritchard) writes:
> > Well *why* would you remove a system user account?
> 
> Most packages are doing it and it seems to be reasonable for package
> management (same system state before and after package installation +
> removal). I know statements from Red Hat that users should not be
> deleted, but
> 
> a) their own packages are doing it
> b) there are no official policies (which can e.g. be used to argue
>    bug reports for a) packages)

OK, then somebody needs to make it an official policy that system user
accounts *not* be removed.  It's just not a good idea to be re-using
UIDs.

Problem solved.  :-)

> > Besides, in this case, all you need to do is let
> > clamd run as its own user, with a writable socket file.
> 
> Writable for whom? For 'clamd' only would not make sense, world-writable
> is a huge security risk: user A could gain information about user B by
> scanning his files.

How?  If the (unprivileged) clamd user can read user B's files, then
user A could just read them with cat.  If clamd has any special
privileges, then it isn't configured properly.

> DoS attacks are possible also: users should not be
> able to shut down system services with a simple 'QUIT' command.

If clamd allows that, it's a bug and should be fixed.

> I played some time with a group-writable socket, but got lost in a
> bunch of conflicting group-definitions. Perhaps ACLs can solve this,
> but they are not available yet. The security problems mentioned above
> are a problem also (e.g. squid-service should not be able to read
> mailserver files).

In my amavisd package, I just make the temporary path executable by
clamd's group, so it can open files when it is given a path BUT THAT'S
IT.  The only problem that arises is if the end-user wants to install
other virus scanners and do the same thing with them, but that's their
problem to solve, not mine.  :-)

> Therefore, one clamd server per service (mailscanner, squid, ...) is
> the only installation which makes sense; a system-wide clamd is not
> possible.

I totally disagree.  This is no different than random users wanting to
allow access to something from apache but nothing else...  It doesn't
require an infinite number of apache processes running under different
UIDs.

Steve
-- 
Steven Pritchard - K&S Pritchard Enterprises, Inc.
Email: steve at kspei.com             http://www.kspei.com/
Phone: (618)398-7360               Mobile: (618)567-7320
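
Added example, not part of the original message and not code from the amavisd or clamd packages: a Python check of the permission layout discussed in this thread. It reports whether a temporary directory gives its group search (x) permission only, and which permission classes hold the write bit that Linux requires to connect to a Unix socket. The function names, the `scanner_gid` argument and the sample paths are hypothetical.

```python
import os
import stat

def audit_scan_dir(path, scanner_gid):
    """Findings for a temp dir the scanner's group may traverse but not list."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_gid != scanner_gid:
        findings.append("directory group is not the scanner group")
    if not mode & stat.S_IXGRP:
        findings.append("group lacks x: scanner cannot open a path it is given")
    if mode & stat.S_IRGRP:
        findings.append("group has r: scanner can list the directory")
    if mode & stat.S_IWGRP:
        findings.append("group has w: scanner can create or delete entries")
    if mode & stat.S_IRWXO:
        findings.append("other users have access to the directory")
    return findings

def socket_clients(path):
    """Permission classes that hold the write bit needed to connect (Linux)."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    classes = (("owner", stat.S_IWUSR), ("group", stat.S_IWGRP),
               ("other", stat.S_IWOTH))
    return [name for name, bit in classes if st.st_mode & bit]

if __name__ == "__main__":
    import socket
    import tempfile
    # Constructed sample layout in a throwaway directory; no real package paths.
    work = tempfile.mkdtemp()
    os.chmod(work, 0o710)  # owner rwx, group search-only, others nothing
    sock_path = os.path.join(work, "scanner.sock")
    srv = socket.socket(socket.AF_UNIX)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o660)  # owner and group may connect, others may not
    print(audit_scan_dir(work, os.stat(work).st_gid))
    print(socket_clients(sock_path))
    srv.close()
```

A process connecting to the socket also needs search permission on every directory in the socket's path, so the directory and socket checks are meant to be read together.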





More information about the fedora-devel-list mailing list