Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 May 2004 12:03:50 +0200 (CEST)
From:      rob@debank.tv
To:        "Oliver Eikemeier" <eikemeier@fillmore-labs.com>
Cc:        ports-committers@freebsd.org
Subject:   Re: cvs commit: ports/security/clamav-devel [...] pkg-install [...]
Message-ID:  <50813.193.79.18.58.1085479430.squirrel@debank.tv>
In-Reply-To: <40B3167F.8060509@fillmore-labs.com>
References:  <200405242302.i4ON2NcJ063759@repoman.freebsd.org>    <ygehdu4ubgm.wl%ume@FreeBSD.org> <52001.193.79.18.58.1085477488.squirrel@debank.tv> <40B3167F.8060509@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
> rob@debank.tv wrote:
>
>>>Hi,
>>>
>>>>>>>>On Mon, 24 May 2004 16:02:23 -0700 (PDT)
>>>>>>>>Pav Lucistnik <pav@FreeBSD.org> said:
>>>
>>>[...]
>>>pav>   - Chmod 770 socket directory
>>>pav>   - Diff reduction against security/clamav port
>>>
>>>pav>   PR:             ports/67125
>>>pav>   Submitted by:   Rob Evers <rob@debank.tv> (maintainer)
>>>
>>>Could you please change mode of /var/run/clamd to 750?  Unless this
>>>change, sendmail complains about it and doesn't run.
>>>
>>>Index: pkg-install
>>>diff -u pkg-install.orig pkg-install
>>>--- pkg-install.orig	Tue May 25 15:57:11 2004
>>>+++ pkg-install	Tue May 25 17:56:03 2004
>>>@@ -38,7 +38,7 @@
>>>
>>> echo "===> Setting permissions..."
>>> mkdir -p "${CLAMRUN}"
>>>-chmod 770 "${CLAMRUN}"
>>>+chmod 750 "${CLAMRUN}"
>>> chown "${CLAMAVUSER}:${CLAMAVGROUP}" "${CLAMRUN}"
>>>
>>> mkdir -p "${CLAMLOG}"
>>>
>>>Sincerely,
>>>
>>>--
>>>Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
>>>ume@mahoroba.org  ume@{,jp.}FreeBSD.org
>>>http://www.imasy.org/~ume/
>>
>> I can confirm this,
>>
>> Sendmail doesn't like group writable socket directorys, please apply
>> this
>> fix. (Bump PORTREVISION)
>>
>> Rob Evers
>
> I still don't get the purpose of not allowing non-root processes
> to use clamav. This would break my exim installation, fortunately
> I'm using security/clamav, where this change hasn't been made.
>
> -Oliver
>


Isn't there a security risk allowing every user to read the clamd socket ?
(that's why I made this change).

Rob Evers.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50813.193.79.18.58.1085479430.squirrel>