[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: spamassassin a possible security risk?



On Tue, Oct 19, 2004 at 03:42:16AM +0200, Thomas Zehetbauer wrote:
> Although I know of no exploit at the moment I find it quite risky that
> Fedora currently comes configured to 
> 1) run spamd as root

When run as root, it can setuid to the user running spamc. So that's
actually better.

> 1.1) allowing everyone to connect

Everyone on the local host. And that's who it's designed for; not sure this
is a problem.

> 1.2) trying to parse, lookup and impersonate an untrusted username

how's that?

> 1.3) scanning e-mail messages on behalf of that user

right.... that's what it does....

> 1.3.1) using system resources

as does anything the user runs. But if if the daemon can switch userids, I
presume you can then account this resource use to that user.

> 1.3.2) possibly executing external applications and accessing network
>        accounts

Depending on the configuration, yeah. Although what it does on the network
is somewhat limited, and presumably reasonably checked for security.
Tricking spamassassin into doing something Bad on the network seems like a
valid concern, though.

> 2) start spamd as user
> 2.1) allowing everyone to connect
> 2.2) trying to use the configuration of an untrusted user
> 2.3) using system resources
> 2.4) possibly executing external applications and accessing network
>      accounts

Anyone can write a trivial little daemon to do this. You can do it with
httpd, if you want. You can do it from the command line with 'nc', or you
could use zsh shell builtins.


> Binding to 127.0.0.1 is not secure as linux by default uses the 'weak
> end host' model.

Except Fedora, as Red Hat Linux before it, turns on source route
verification by default. (Look at /etc/sysctl.conf.) So, it doesn't.


-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]