[Dovecot] DSpam plugin
Milan Holzäpfel
listen at mjh.name
Thu Sep 21 11:35:04 EEST 2006
On Wed, 20 Sep 2006 17:29:26 -0700
Frank Cusack <fcusack at fcusack.com> wrote:
> On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel <listen at mjh.name>
> wrote:
> > Hi.
> >
> > On Wed, 20 Sep 2006 14:24:25 -0400
> > Michael Blinn <mblinn at peopleplaces.org> wrote:
> >
> >> I wonder if this is a permissions problem with the dspam executable. It
> >> is
> >>
> >> -r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
> >
> > In case you don't know: this means that the group the dspam executable
> > is running as is changed to mail on execution, and only root or members
> > of the group mail may execute it at all.
>
> Just root. It would need g+r for group mail to execute it.
You can execute an ELF (binary) executable without being able to read
it. (Not the case for a perl script e.g., as the interpreter has to
read the script, but for such script sticky bits normally don't matter
anyway) If the permissions read -r-x--S--- (aka 2500), only root could
execute it.
> On my system dspam is 02555 root:mail. I don't know if that's the default
> or if I tweaked it; probably the latter.
Question is whether the mail group is necessary / a good idea /
possibly a security risk if anyone may run dspam with that group. As
mentioned, not knowing dspam I have no idea on that...
Regards,
Milan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060921/bdbe062f/attachment.pgp
More information about the dovecot
mailing list