You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by du...@apache.org on 2007/11/29 00:58:28 UTC
svn commit: r599208 - /spamassassin/branches/3.2/spamd/spamd.raw
Author: duncf
Date: Wed Nov 28 15:58:28 2007
New Revision: 599208
URL: http://svn.apache.org/viewvc?rev=599208&view=rev
Log:
bug 5728: require -u with --sql-config or --ldap-config
Modified:
spamassassin/branches/3.2/spamd/spamd.raw
Modified: spamassassin/branches/3.2/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.2/spamd/spamd.raw?rev=599208&r1=599207&r2=599208&view=diff
==============================================================================
--- spamassassin/branches/3.2/spamd/spamd.raw (original)
+++ spamassassin/branches/3.2/spamd/spamd.raw Wed Nov 28 15:58:28 2007
@@ -494,12 +494,15 @@
# run with -u
# we're not root
# doing --vpopmail or --virtual-config-dir
-# we disable user-config
+# using --sql-config or --ldap-config
+# (unless we're also using --setuid-with-sql or --setuid-with-ldap)
my $setuid_to_user = (
- $opt{'username'} ||
- $> != 0 ||
- $opt{'vpopmail'} ||
- $opt{'virtual-config-dir'}
+ $opt{'username'} ||
+ $> != 0 ||
+ $opt{'vpopmail'} ||
+ $opt{'virtual-config-dir'} ||
+ ($opt{'sql-config'} && !$opt{'setuid-with-sql'}) ||
+ ($opt{'ldap-config'} && !$opt{'setuid-with-ldap'})
) ? 0 : 1;
dbg("spamd: will perform setuids? $setuid_to_user");
@@ -516,6 +519,18 @@
}
}
+if ($opt{'sql-config'} && !$opt{'setuid-with-sql'}) {
+ if ( !$opt{'username'} ) {
+ die "spamd: cannot use --sql-config without -u\n";
+ }
+}
+
+if ($opt{'ldap-config'} && !$opt{'setuid-with-ldap'}) {
+ if ( !$opt{'username'} ) {
+ die "spamd: cannot use --ldap-config without -u\n";
+ }
+}
+
# always copy the config, later code may disable
my $copy_config_p = 1;
@@ -2749,7 +2764,6 @@
connections will be accepted on the B<--port> at the same time as encrypted
connections are accepted at B<--ssl-port>.
-
=item B<-q>, B<--sql-config>
Turn on SQL lookups even when per-user config files have been disabled
@@ -2760,10 +2774,17 @@
If your spamc client does not support sending the C<User:> header,
like C<exiscan>, then the SQL username used will always be B<nobody>.
+This inhibits the setuid() behavior, so the C<-u> option is
+required. If you want the setuid() behaviour, use C<-Q> or
+C<--setuid-with-sql> instead.
+
=item B<--ldap-config>
Turn on LDAP lookups. This is completely analog to C<--sql-config>,
only it is using an LDAP server.
+
+Like C<--sql-config>, this disables the setuid behavior, and requires
+C<-u>. If you want it, use C<--setuid-with-ldap> instead.
=item B<-Q>, B<--setuid-with-sql>