Re: spamassassin a possible security risk?

From: Mike Burger (mburger_at_bubbanfriends.org)
Date: 10/19/04

    Date: Tue, 19 Oct 2004 12:10:22 -0500 (EST)
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Tue, 19 Oct 2004, Thomas Zehetbauer wrote:

    > On Mon, 2004-10-18 at 21:36 -0500, John Thompson wrote:
    > > Not on my FreeBSD machine:
    > >
    > > Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
    > > Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
    > > specified with -u, not found, or set to root. Fall back to nobody.
    >
    > Looks like you are ignoring two important security recommendations:
    > 1.) never work as root
    > 2.) root gets no mail

    Root could get mail, but that's not the important thing.

    Spamd, itself, is not what's at issue in that message...it's actually
    spamc, or another program that is connecting to spamd in the same way
    spamc is.

    For example, the citadel project (http://www.citadel.org) can and will
    check incoming messages through a direct connection to spamd. However,
    while the citserver process runs as user "bbs" (at least on my system),
    the connection to spamd is reported, by spamd, as coming from root, and I
    see exactly the same message as above.

    I'm not aware of any actual security issues, however, from a spamc type
    client connecting to spamd as 'root'.

    -- 
    Mike Burger
    http://www.bubbanfriends.org
    Visit the Dog Pound II BBS
    telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
    To be notified of updates to the web site, visit 
    http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
    message to:
    site-update-request@bubbanfriends.org
    with a message of: 
    subscribe
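
An added example, not part of the original message and not SpamAssassin code: a small log audit that pairs the two spamd syslog messages quoted above by PID, so an administrator can see which user name preceded each "Fall back to nobody" event. The function name and every sample line other than the two quoted in the thread are constructed for illustration.

```python
import re

# Constructed sample: the first two lines are the ones quoted in the thread
# (mail line-wrap joined); the last two are invented for the other cases.
SAMPLE_LOG = """\
Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody.
Oct 18 21:28:02 amayatra spamd[51660]: info: setuid to alice succeeded
Oct 18 21:29:11 amayatra spamd[51671]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody.
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host spamd[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\sspamd\[(\d+)\]:\s(.*)$")
SETUID = re.compile(r"setuid to (\S+) succeeded")
FALLBACK = "Still running as root"


def find_root_fallbacks(log_text):
    """Return one record per spamd process that logged the fall-back to nobody.

    Each record carries the user named in that PID's preceding setuid line,
    or None when no such line was seen for the PID.
    """
    last_setuid = {}  # pid -> user named in the most recent setuid line
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a spamd syslog line
        stamp, host, pid, msg = m.groups()
        s = SETUID.search(msg)
        if s:
            last_setuid[pid] = s.group(1)
        elif msg.startswith(FALLBACK):
            findings.append({
                "time": stamp,
                "host": host,
                "pid": int(pid),
                "setuid_user": last_setuid.pop(pid, None),
            })
    return findings


if __name__ == "__main__":
    for finding in find_root_fallbacks(SAMPLE_LOG):
        print(finding)
```
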