Date: Tue, 25 May 2004 12:03:50 +0200 (CEST)
From: rob@debank.tv
To: "Oliver Eikemeier" <eikemeier@fillmore-labs.com>
Cc: ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/clamav-devel [...] pkg-install [...]
Message-ID: <50813.193.79.18.58.1085479430.squirrel@debank.tv>
In-Reply-To: <40B3167F.8060509@fillmore-labs.com>
References: <200405242302.i4ON2NcJ063759@repoman.freebsd.org> <ygehdu4ubgm.wl%ume@FreeBSD.org> <52001.193.79.18.58.1085477488.squirrel@debank.tv> <40B3167F.8060509@fillmore-labs.com>

> rob@debank.tv wrote:
>
>>>Hi,
>>>
>>>>>>>>On Mon, 24 May 2004 16:02:23 -0700 (PDT)
>>>>>>>>Pav Lucistnik <pav@FreeBSD.org> said:
>>>
>>>[...]
>>>pav> - Chmod 770 socket directory
>>>pav> - Diff reduction against security/clamav port
>>>
>>>pav> PR: ports/67125
>>>pav> Submitted by: Rob Evers <rob@debank.tv> (maintainer)
>>>
>>>Could you please change mode of /var/run/clamd to 750? Without this
>>>change, sendmail complains about it and doesn't run.
>>>
>>>Index: pkg-install
>>>diff -u pkg-install.orig pkg-install
>>>--- pkg-install.orig Tue May 25 15:57:11 2004
>>>+++ pkg-install Tue May 25 17:56:03 2004
>>>@@ -38,7 +38,7 @@
>>>
>>> echo "===> Setting permissions..."
>>> mkdir -p "${CLAMRUN}"
>>>-chmod 770 "${CLAMRUN}"
>>>+chmod 750 "${CLAMRUN}"
>>> chown "${CLAMAVUSER}:${CLAMAVGROUP}" "${CLAMRUN}"
>>>
>>> mkdir -p "${CLAMLOG}"
>>>
>>>Sincerely,
>>>
>>>--
>>>Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
>>>ume@mahoroba.org ume@{,jp.}FreeBSD.org
>>>http://www.imasy.org/~ume/
>>
>> I can confirm this,
>>
>> Sendmail doesn't like group writable socket directories, please apply
>> this
>> fix. (Bump PORTREVISION)
>>
>> Rob Evers
>
> I still don't get the purpose of not allowing non-root processes
> to use clamav. This would break my exim installation, fortunately
> I'm using security/clamav, where this change hasn't been made.
>
> -Oliver
>

Isn't there a security risk allowing every user to read the clamd socket?
(that's why I made this change).

Rob Evers.
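
Review bot: the new `chmod 750 "${CLAMRUN}"` line in the pkg-install hunk has no comment explaining why group write was dropped, and the thread shows the mode is contested (sendmail refuses a group-writable socket directory, while other clients such as exim run as non-root users). Add a comment above it giving that reason and noting that any non-root client of the clamd socket must run as `${CLAMAVUSER}` or be a member of `${CLAMAVGROUP}`, because mode 750 leaves everyone else without search permission on the directory. Separately, `mkdir -p "${CLAMRUN}"` creates the directory with the umask default before `chmod` and `chown` run; creating it in one step with `install -d -m 750 -o "${CLAMAVUSER}" -g "${CLAMAVGROUP}" "${CLAMRUN}"` would avoid that intermediate state.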