On Tue, 19 Oct 2004, Thomas Zehetbauer wrote: > On Mon, 2004-10-18 at 21:36 -0500, John Thompson wrote: > > Not on my FreeBSD machine: > > > > Oct 18 21:27:30 amayatra spamd[51657]: info: setuid to root succeeded > > Oct 18 21:27:30 amayatra spamd[51657]: Still running as root: user not > > specified with -u, not found, or set to root. Fall back to nobody. > > Looks like you are ignoring two important security recommendations: > 1.) never work as root > 2.) root get's no mail Root could get mail, but that's not the important thing. Spamd, itself, is not what's at issue in that message...it's actually spamc, or another program that is connecting to spamd in the same way spamc is. For example, the citadel project (http://www.citadel.org) can and will check incoming messages through a direct connection to spamd. However, while the citserver process runs as user "bbs" (at least on my system), the connection to spamd is reported, by spamd, as coming from root, and I see exactly the same message as above. I'm not aware of any actual security issues, however, from a spamc type client connecting to spamd as 'root'. -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org To be notified of updates to the web site, visit http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a message to: site-update-request@xxxxxxxxxxxxxxxxx with a message of: subscribe
