[Mimedefang] MIMEdefang mimedefang.sock unsafe
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Sun Dec 28 13:03:42 EST 2003
Am So, den 28.12.2003 schrieb Network Guy um 18:06:
> I have rh9 with sendmail 8.12.10 like you. I am NOT a programmer, so I
> guessed. Remove defang as the group owner, put it back to root. Guess
> that the programmer(s) are checking for ownership, not ownership AND
> permissions?
>
> worked for me.
>
> tod
root as the owner of /var/spool/MIMEDefang and /var/spool/MD-Quarantine
is no good idea. How do you think the Mimedefang process as
unpriviledged user defang should then write to it?
$ ls -ld /var/spool/MIMEDefang/ /var/spool/MD-Quarantine/
drwx------ 1234 defang defang 413696 28. Dez 18:45
/var/spool/MD-Quarantine/
drwx------ 2 defang defang 4096 28. Dez 19:00
/var/spool/MIMEDefang/
This is what I have on RedHat 9 and on Fedora Core 1. Both are running
without any problem.
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20031228/9ec7fb57/attachment-0001.sig>
More information about the MIMEDefang
mailing list