[Dovecot] DSpam plugin
Frank Cusack
fcusack at fcusack.com
Fri Sep 22 04:22:08 EEST 2006
On September 21, 2006 10:35:04 AM +0200 Milan Holzäpfel <listen at mjh.name>
wrote:
> On Wed, 20 Sep 2006 17:29:26 -0700
> Frank Cusack <fcusack at fcusack.com> wrote:
>
>> On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel
>> <listen at mjh.name> wrote:
>> > Hi.
>> >
>> > On Wed, 20 Sep 2006 14:24:25 -0400
>> > Michael Blinn <mblinn at peopleplaces.org> wrote:
>> >
>> >> I wonder if this is a permissions problem with the dspam executable.
>> >> It is
>> >>
>> >> -r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
>> >
>> > In case you don't know: this means that the group the dspam executable
>> > is running as is changed to mail on execution, and only root or members
>> > of the group mail may execute it at all.
>>
>> Just root. It would need g+r for group mail to execute it.
>
> You can execute an ELF (binary) executable without being able to read
Right you are!
> it. (Not the case for a perl script e.g., as the interpreter has to
> read the script, but for such script sticky bits normally don't matter
> anyway) If the permissions read -r-x--S--- (aka 2500), only root could
> execute it.
2500 gives -r-x--l--- on my system (Solaris 10 x86)
I think the setuid/setgid modes without exec bit set have implementation
specific behaviors. On Solaris setgid without exec turns on mandatory
locking for that file.
Anyway, way off topic.
-frank
More information about the dovecot
mailing list