[Dovecot] DSpam plugin

Frank Cusack fcusack at fcusack.com
Fri Sep 22 04:22:08 EEST 2006


On September 21, 2006 10:35:04 AM +0200 Milan Holzäpfel <listen at mjh.name> 
wrote:
> On Wed, 20 Sep 2006 17:29:26 -0700
> Frank Cusack <fcusack at fcusack.com> wrote:
>
>> On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel
>> <listen at mjh.name>  wrote:
>> > Hi.
>> >
>> > On Wed, 20 Sep 2006 14:24:25 -0400
>> > Michael Blinn <mblinn at peopleplaces.org> wrote:
>> >
>> >> I wonder if this is a permissions problem with the dspam executable.
>> >> It is
>> >>
>> >> -r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
>> >
>> > In case you don't know: this means that the group the dspam executable
>> > is running as is changed to mail on execution, and only root or members
>> > of the group mail may execute it at all.
>>
>> Just root.  It would need g+r for group mail to execute it.
>
> You can execute an ELF (binary) executable without being able to read

Right you are!

> it.  (Not the case for a perl script e.g., as the interpreter has to
> read the script, but for such script sticky bits normally don't matter
> anyway)  If the permissions read -r-x--S--- (aka 2500), only root could
> execute it.

2500 gives -r-x--l--- on my system (Solaris 10 x86)

I think the setuid/setgid modes without exec bit set have implementation
specific behaviors.  On Solaris setgid without exec turns on mandatory
locking for that file.

Anyway, way off topic.

-frank


More information about the dovecot mailing list