paths and permissions
David Relson
relson at osagesoftware.com
Mon Feb 23 17:09:57 CET 2004
On Mon, 23 Feb 2004 10:55:14 -0500
Matt Garretson wrote:
> David Relson wrote:
> > Userid "charlie" doesn't have write access to wordlist.db and can't
> > modify the file when logged in and running commands. However when
> > there's email for "charlie", he has write access to the file. A test
>
> I think that in certain configurations, procmail runs as root (despite
> the value of LOGNAME, etc.) until it actually tries to write to the
> user's maildrop. In such cases, bogofilter will also run as root.
>
> If you want to test this theory, add "DROPPRIVS=yes" to the procmail
> rc file just before bogofilter -u gets called. My bet is that it
> will start to fail. So might other things, too, so use caution. :)
>
> -Matt
Matt,
Thanks for writing.
A bit of checking shows:
-rwsr-sr-x 1 root mail 72536 Jul 11 2003 /usr/bin/procmail*
which tells me procmail runs setuid. That gives it privileges
above/beyond what's indicated by environment variables such as UID,
USERNAME, HOME, etc.
With ownership of root, I surmise procmail (and the programs run under
it) can access whatever is necessary.
David
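An added example, not part of the original message and not code from procmail or bogofilter: a POSIX shell script that decodes the special bits in an `ls -l` mode string such as the one quoted above, and reports the real and effective UID the calling process actually has, which is what decides file access rather than LOGNAME or HOME. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: check for setuid/setgid bits and report the process identity.

# special_bits MODE: print "setuid", "setgid" and/or "sticky" for an
# ls -l style mode string, or "none" when no special bit is set.
special_bits() {
    mode=$1
    out=""
    # Special bits replace the execute flag in columns 4, 7 and 10.
    u=$(printf '%s' "$mode" | cut -c4)
    g=$(printf '%s' "$mode" | cut -c7)
    o=$(printf '%s' "$mode" | cut -c10)
    case $u in s|S) out="$out setuid" ;; esac
    case $g in s|S) out="$out setgid" ;; esac
    case $o in t|T) out="$out sticky" ;; esac
    out=${out# }
    printf '%s\n' "${out:-none}"
}

# classify_identity RUID EUID: "root" when the effective UID is 0,
# "elevated" when it differs from the real UID, else "unprivileged".
classify_identity() {
    if [ "$2" -eq 0 ]; then
        echo root
    elif [ "$1" -ne "$2" ]; then
        echo elevated
    else
        echo unprivileged
    fi
}

# identity_report: one line with the real and effective UID of this process.
# Note: some shells (bash without -p) reset the effective UID to the real UID
# at startup when the two differ, so the report shows what the shell kept.
identity_report() {
    ruid=$(id -u -r)
    euid=$(id -u)
    printf 'ruid=%s euid=%s class=%s\n' "$ruid" "$euid" \
        "$(classify_identity "$ruid" "$euid")"
}

# The mode string from the listing in the message above.
special_bits '-rwsr-sr-x'
identity_report
```

Calling `identity_report` from the same place the mail filter is invoked, with its output appended to a log file, shows which UID that filter inherits.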