You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/12/18 02:32:35 UTC

[Bug 4041] Users can load plugins

http://bugzilla.spamassassin.org/show_bug.cgi?id=4041





------- Additional Comments From felicity@kluge.net  2004-12-17 17:32 -------
Subject: Re:  New: Users can load plugins

On Fri, Dec 17, 2004 at 03:32:25PM -0800, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> Calling loadplugin from user_prefs works despite the documentation which
> suggests that it should not.  It is listed under 'Administrator Settings' in the
> manpage for Mail::SpamAssassin::Conf.  Additionally, this could be a source of
> security problems - allowing users to execute unsafe code.

Just to verify, this is reproducable with spamd?  "spamassassin" may let this
happen since there's no security issue (it runs as the user running it...)





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.