Posted to sysadmins@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2017/11/27 15:00:25 UTC
[Bug 7508] New: Suboptimal permissions of mirrored rulesets files
(on sa-update mirrors)
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7508
Bug ID: 7508
Summary: Suboptimal permissions of mirrored rulesets files (on
sa-update mirrors)
Product: Spamassassin
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: sysadmins
Assignee: sysadmins@spamassassin.apache.org
Reporter: Jens.Schleusener@t-online.de
Target Milestone: Undefined
The mirrored rulesets tarball files (and the according ASC and SHA1 files) have
odd and heterogeneous permissions. Here is an extract:
-rw-rw-r-- 11 Nov 27 14:17 MIRROR.CHECK
-rw-r--r-- 100 Nov 27 09:31 1816413.tar.gz.sha1
-rw-r--r-- 819 Nov 27 09:31 1816413.tar.gz.asc
-rw-r--r-- 207813 Nov 27 09:31 1816413.tar.gz
-r-xr--r-- 819 Nov 27 03:55 1816372.tar.gz.asc
-r-xr--r-- 113 Nov 27 03:55 1816372.tar.gz.sha1
-r-xr--r-- 275070 Nov 27 03:55 1816372.tar.gz
-rw-r--r-- 1309 Nov 26 22:30 MIRRORED.BY
...
-rw-rw-r-- 100 Jun 4 10:30 1797561.tar.gz.sha1
-rw-rw-r-- 819 Jun 4 10:30 1797561.tar.gz.asc
-rw-rw-r-- 206546 Jun 4 10:30 1797561.tar.gz
...
-rwxrwxr-x 56 Feb 15 2007 507739.tar.gz.sha1
-rwxrwxr-x 126897 Feb 15 2007 507739.tar.gz
-rwxrwxr-x 823 Feb 15 2007 507739.tar.gz.asc
In my eyes the execution-flags are totally wrong. And also the write-flags are
superfluous and at least theoretically a little bit dangerous. I assume the
mirroring ("rsync") will even work without a write-flag for the owner.
But as Kevin A. McGrail has written in the sysadmins mailing list, it seems to be
not a big problem but only a flaw "because rules are crypto signed".
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7508] Suboptimal permissions of mirrored rulesets files (on
sa-update mirrors)
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7508
Dave Jones <da...@apache.org> changed:
What    |Removed                           |Added
----------------------------------------------------------------------------
CC      |                                  |davej@apache.org
Status  |NEW                               |ASSIGNED
Assignee|sysadmins@spamassassin.apache.org |davej@apache.org
--- Comment #1 from Dave Jones <da...@apache.org> ---
You are correct. The perms are not optimal. However, web servers shouldn't be
executing any of these file types as they are not scripts or executable files.
I will look at the scripts that generate the rulesets and set perms to 444.
Rsyncs should be running as root on the mirrors so this should not impact
rsync'ing.
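A mirror operator could check a ruleset directory for the modes discussed in this thread with a script like the following. It is an added example, not part of the bug report or SpamAssassin's own tooling; it assumes GNU find on Linux, and the function names and the sample directory are hypothetical.

```shell
#!/bin/sh
# Added example, not SpamAssassin project code. Assumes GNU find (Linux).
# Function names are hypothetical; the sample directory is constructed.

# Find mirrored ruleset files in DIR whose mode is not exactly 444.
ruleset_find() {
    dir=$1; shift
    find "$dir" -maxdepth 1 -type f \
        \( -name '*.tar.gz' -o -name '*.tar.gz.asc' -o -name '*.tar.gz.sha1' \) \
        ! -perm 444 "$@"
}

# Print "MODE FLAGS NAME" per deviating file.
# FLAGS: x = an execute bit is set, w = a write bit is set, - = neither.
audit_ruleset_perms() {
    ruleset_find "$1" -printf '%m %f\n' | LC_ALL=C sort -k2 |
    while read -r mode name; do
        mode=$(printf '%04d' "$mode")   # pad to four digits
        perm=${mode#?}                  # keep owner/group/other digits only
        flags=
        case $perm in *[1357]*) flags=${flags}x ;; esac   # execute bit = 1
        case $perm in *[2367]*) flags=${flags}w ;; esac   # write bit = 2
        printf '%s %s %s\n' "$perm" "${flags:--}" "$name"
    done
}

# Set deviating files to 444, the mode proposed in comment #1.
fix_ruleset_perms() {
    ruleset_find "$1" -exec chmod 444 {} +
}

# Constructed sample: four modes copied from the listing in the report,
# plus one made-up file that is already 444 and one non-ruleset file.
make_sample_mirror() {
    d=$(mktemp -d) || return 1
    for spec in 644:1816413.tar.gz 544:1816372.tar.gz 664:1797561.tar.gz \
                775:507739.tar.gz 444:1800000.tar.gz 664:MIRROR.CHECK; do
        : > "$d/${spec#*:}" && chmod "${spec%%:*}" "$d/${spec#*:}"
    done
    printf '%s\n' "$d"
}

sample=$(make_sample_mirror)
audit_ruleset_perms "$sample"     # reports the four deviating files
fix_ruleset_perms "$sample"
audit_ruleset_perms "$sample"     # nothing left to report
rm -rf "$sample"
```

Files such as MIRROR.CHECK and MIRRORED.BY are deliberately outside the name patterns, so the fix step leaves them untouched.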