Security and another survey question (was Re: [Mimedefang] clamd is not responding?)
Dave Williss
dwilliss at microimages.com
Tue Oct 29 16:56:02 EST 2002
I like the idea of requiring it to run it as mailnull or some other user.
As long as it's well documented where to change the user it's run as
in the config file before building. I would be against having it be its
own user.
If it always logs its permission errors to syslog (which I believe it does)
then you never need to run as root. If there are permission problems,
you can find them. Perhaps mimedefang could check the permissions
on its spool directory and report any problems as soon as it starts
instead of waiting for the first message to be received. (maybe it
already does this?)
Is there any security problem with having the multiplexor run _by_
root but immediately switch to run _as_ some other, less powerful
user?
----- Original Message -----
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, October 29, 2002 2:13 PM
Subject: Security and another survey question (was Re: [Mimedefang] clamd is
not responding?)
> Jason Englander wrote:
>
> > Read through bugtraq for a while.
>
> Another survey question: Currently, mimedefang and
> mimedefang-multiplexor complain if you run them as root. Who votes
> for having them refuse completely to run as root in the next release?
Does
> anyone have a scenario which requires MD to run as root?
>
> Regards,
>
> David.
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list