[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: spamassassin a possible security risk?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew Miller wrote:
| On Mon, Oct 18, 2004 at 09:13:20PM -0500, John Thompson wrote:
|
|>Try "grep spamd /var/log/maillog" and see if your spamd is reverting to
|>"nobody" when it runs.
|
|
| :) Either you're presenting a subtle socratic argument here, or you didn't
| try this yourself -- if you did, you'd see that it is setting its id
to that
| of the calling user when it runs. Even better.

Not on my FreeBSD machine:

Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
specified with -u, not found, or set to root.  Fall back to nobody.
~                                               ^^^^^^^^^^^^^^^^^^^

Oct 18 21:27:30 amayatra spamd[51657]: processing message

Maybe Fedora is different, but like I said, I don't run SA on Fedora.

- --

- -John (john os2 dhs org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBdH2hjXa7jixmuZsRAgKsAJ9ewVwFCPAfBdagnxsaozTCniBwUACguv7S
d5AIVfrTn1qVFmOqCO+WY/Q=
=pdal
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]