Re: spamassassin a possible security risk?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Zehetbauer wrote:

| On Mon, 2004-10-18 at 21:36 -0500, John Thompson wrote:
|
|>Not on my FreeBSD machine:
|>
|>Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded
|>Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not
|>specified with -u, not found, or set to root.  Fall back to nobody.

| Looks like you are ignoring two important security recommendations:
| 1.) never work as root
| 2.) root get's no mail

Actually, I'm not. spamd is started by root during system startup, but
it changes to user "nobody" when it gets called to do some work, as the
log snippet above shows. And root's mail is forwarded to me at my
regular user mailbox.

- --

- -John (john@xxxxxxxxxxx)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBdUX/jXa7jixmuZsRAkc+AKDiC6K4AQGbr/A4SVO1JNjDMxswEgCaAhDE
Fef+hytQ2IjiDRViZrHzUAE=
=DlAL
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux