You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/01/10 17:24:47 UTC
[Bug 4758] New: spamd with -u option should change uid earler
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
Summary: spamd with -u option should change uid earler
Product: Spamassassin
Version: 3.1.0
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: spamc/spamd
AssignedTo: dev@spamassassin.apache.org
ReportedBy: plazonic@math.princeton.edu
If -u and -x options are used with spamd, e.g. "spamd -u spamuser -x" then in
3.1.0 spamd will change to spamuser only in children. In 3.0.x and before it
used to do it much earlier.
It is good to shed root privileges as soon as possible and in this case I don't
see a reason to run the parent as root - please correct me if I am wrong (I
tried asking on dev list, no reply yet).
This behaviour also causes issues with preload_modules_with_tmp_homedir which is
now ran always as root and therefore it can also initialize certain values and
files as root (e.g. without -H option and if using pyzor, razor and friends it
might create files as root in spamuser dir).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
------- Additional Comments From felicity@apache.org 2006-01-10 18:11 -------
the change was made specificially to fix other issues, such as sending a HUP (needs root to get port 783
back), reading config files, writing pid files, etc. the parent has to run as root, but it doesn't actually do
anything so there's not a huge issue.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
------- Additional Comments From jm@jmason.org 2006-09-04 12:54 -------
btw, it should be possible to switch effective UID to non-root for much of
spamd's lifetime, as long as UID=root is preserved.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
jm@jmason.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.2.0 |3.3.0
------- Additional Comments From jm@jmason.org 2006-12-12 12:40 -------
moving RFEs and low-priority stuff to 3.3.0 target
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
------- Additional Comments From plazonic@math.princeton.edu 2006-01-10 17:27 -------
Created an attachment (id=3322)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3322&action=view)
Reverts back to 3.0.x behaviour for where were spamd changes to -u user
Change to -u specified user much earlier in spamd, as spamd used to do in
3.0.x, shortly after binding to specified port. Change tested for a week now
with no issues and it did work like this until 3.1.0 just fine.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
gbpeck@sbcglobal.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gbpeck@sbcglobal.net
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
------- Additional Comments From plazonic@math.princeton.edu 2006-01-10 19:35 -------
There is just one problem - now parent preloads modules as root and this runs
certain initialization routines. In particular it will initialize pyzor and
razor as root. While it is debatable if this is ok to do as root it also
creates files as root in spamuser directory (-u spamuser -x) - .pyzor/, .razor/.
This is not usually a problem when -x and -u are not used as spamd will su to
user running spamc and never use those files. With -u spamuser -x they are
shared and children will not be able to write to them.
Any modules that might create files during initial load might suffer from the
same problem.
Pid file is written before rights are given up. Config files are usually 644 or
can be made group owned by specified user or similar.
Good point about SIGHUP though I personally will give up on it.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4758] spamd with -u option should change uid earler
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4758
felicity@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.2.0
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.