spamassassin a possible security risk?
Ow Mun Heng
Ow.Mun.Heng at wdc.com
Tue Oct 19 03:37:48 UTC 2004
On Tue, 2004-10-19 at 10:53, Matthew Miller wrote:
> On Mon, Oct 18, 2004 at 09:36:17PM -0500, John Thompson wrote:
> > Not on my FreeBSD machine:
>
> I don't think it's Fedora specific -- it's in the spamd man page, and it
> doesn't look like there's any special patches to that effect in the package.
>
> > Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
> > Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
> > specified with -u, not found, or set to root. Fall back to nobody.
> > ~ ^^^^^^^^^^^^^^^^^^^
>
I had that problem on gentoo during setup, You need to configure the OPT
flags for spamasssin.
cat /etc/sysconfig/spamassassin
# Options to spamd
# -d = daemonize it
# -c = create user preference files (this is usually in
$HOME/.spamassassin)
# -a = Use Auto Whitelist
# -m5 = Allow maximum # of children
# -u = Drop priviledges and run as this user
# -x = Disable user config files. (This way, spamd won't complain about
permission issues)
SPAMDOPTIONS="-d -c -a -m5 -u spamd -x -L"
Note the "-u"
--
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive
Neuromancer 11:36:41 up 2:12, 8 users, load average: 1.23, 1.31, 1.33
More information about the fedora-list
mailing list