Bug 4086: When run as nobody, child processess get root privileges

[Brad Koehn <br...@koehn.com>]

I had difficulty posting this bug to bugzilla, and it doesn't look like 
it's been assigned to anybody yet (although one person submitted a 
patch). I'm not enough of a perl jockey (or BSD jockey, to tell the 
truth) to fix it myself, but I'm very concerned that I've opened my 
production SA server to attack while this bug remains open (to mitigate 
the risk, I'm running SA on an isolated OS X box for the time being). If 
somebody out there has the background, I'd really appreciate a patch.

Anyway, Here's the bug 
(http://bugzilla.spamassassin.org/show_bug.cgi?id=4086):

When I installed SA-3.0.2, I noticed the following when running ps xauww:

nobody 9845 0.0 3.3 108920 36344 ?? Ss 7:55AM 0:17.21 /usr/bin/spamd 
-dcx  --virtual-config-dir=/var/spamassassin/%u -i 10.0.1.253 -A 
10.0.1.254 -u nobody -r /var/run/spamd.pid
root   9854 0.0 6.0 112772 66908 ?? S 7:55AM 0:16.28 spamd child
root   9855 0.0 5.9 111752 66188 ?? S 7:55AM 0:12.65 spamd child
root   9856 0.0 6.0 111724 66412 ?? S 7:55AM 0:13.96 spamd child
root   9857 0.0 5.9 111696 65208 ?? S 7:55AM 0:10.44 spamd child
root   9858 0.0 5.9 111696 66264 ?? S 7:55AM 0:13.68 spamd child

Notice that the parent process is running as nobody like it's supposed 
to, but all of the children are running as root. When it's first 
started, the child processes run as nobody, but it seems that as they 
process messages they are being promoted to run as root, and they stay 
that way.

Now if there are any security holes in SA or any plugins, they are 
exposed with root access to my machine (running Mac OS X Server 10.3.7 
with all patches applied).