paths and permissions
David Relson
relson at osagesoftware.com
Fri Feb 27 16:55:47 CET 2004
On Fri, 27 Feb 2004 10:45:13 -0500 (EST)
Dave Lovelace wrote:
> David Relson wrote:
> >
> > Hi Jesse,
> >
> > Sounds right. Since that posting, I learned that procmail runs
> > suid. It's been pointed out that that's potentially dangerous since
> > users can have their own .procmailrc files.
> >
> > David
> >
> Anything that runs SUID root is in principle insecure, but the
> software's authors attempt to wall off the sections where it's
> actually running as root. I don't know procmail's code, but I'd
> presume that by the time it's running the user's .procmailrc it's
> running as the user.
Hi Dave,
What you say sounds reasonable and sane. See if you can explain the
following:
If the .procmailrc recipes are run as the user and bogofilter is run
from .procmailrc, then how can "bogofilter -u" update a global wordlist
that's writable by only one user?
Here are the permissions of the relevant directory and file. At
various times, I've had owner/group set as relson/relson or root/root.
drwxr-xr-x 2 mail mail 4096 Feb 21 16:25
/var/spool/bogofilter/
-rw-r--r-- 1 mail mail 74317824 Feb 27 10:49 wordlist.db
David
More information about the Bogofilter
mailing list