spamassassin a possible security risk?
JohnThompson at new.rr.com
Tue Oct 19 02:13:20 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Thomas Zehetbauer wrote:
| Although I know of no exploit at the moment I find it quite risky that
| Fedora currently comes configured to
| 1) run spamd as root
Spamd can be configured to run as a different user and on FreeBSD at
least -- I don't run SA on my Fedora box -- it defaults to running as
user "nobody" if it is invoked as "root" with no "-u [name]" option.
Try "grep spamd /var/log/maillog" and see if your spamd is reverting to
"nobody" when it runs.
- -John (john at os2.dhs.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the users