[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: spamassassin a possible security risk?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Zehetbauer wrote:

| Although I know of no exploit at the moment I find it quite risky that
| Fedora currently comes configured to
|
| 1) run spamd as root

Spamd can be configured to run as a different user and on FreeBSD at
least -- I don't run SA on my Fedora box -- it defaults to running as
user "nobody" if it is invoked as "root" with no "-u [name]" option.

Try "grep spamd /var/log/maillog" and see if your spamd is reverting to
"nobody" when it runs.

- --

- -John (john os2 dhs org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBdHhAjXa7jixmuZsRApxuAJ9V16hdbapJ/3r0zyvCMjUL5hygxACgs6ZH
+eKcG6ZDC1LUFeHYj88E9ec=
=k9Pe
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]