You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Josko Plazonic <pl...@Math.Princeton.EDU> on 2006/01/06 01:20:28 UTC
spamd 3.1.0 run as username change
Hello,
I'd like to ask if there is any particular reason behind the change
between 3.0.4 and 3.1.0 spamd in "run as username" code (say spamd -u
spamuser -x ...)? In 3.0.x code spamd will change uid to specified
username much earlier than in 3.1.0. In 3.1.0 this is done only in
children and the parent process continues running as root.
Why am I asking? First of all is it even necessary for parent process
to run as root in such configuration (-u username -x ...) - securitywise
one would like to shed root privileges wherever not required and where
-u and -x options are used we can do it early.
More importantly - due to this change preload_modules_with_tmp_homedir
is now always ran as root, even with -u and -x options. I'd personally
like to avoid any unnecessary running of any code as root but this also
causes issues with file owneship problems in spamuser directory (again
spamd -u spamuser -x ...). Depending how you use -H this might cause
certain modules to create files as root in spamuser's directory - e.g.
with pyzor and razor - that will need to be written by spamuser later.
Not to mention that pyzor and razor get ran as root too...
So to get back to original question - any reason why this change was
made and why it couldn't be undone?
Josko P.