[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: spamassassin a possible security risk?



On Mon, Oct 18, 2004 at 09:36:17PM -0500, John Thompson wrote:
> Not on my FreeBSD machine:

I don't think it's Fedora specific -- it's in the spamd man page, and it
doesn't look like there's any special patches to that effect in the package.

> Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
> Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
> specified with -u, not found, or set to root.  Fall back to nobody.
> ~                                               ^^^^^^^^^^^^^^^^^^^

Oh -- it's possible this is new behavior in spamassassin 3.0, which I
snagged from the devel tree. I forgot that wasn't a general FC2 update. What
version are you running?

> Maybe Fedora is different, but like I said, I don't run SA on Fedora.

But, y'know, this *is* the Fedora List. :)

-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]