Your message dated Wed, 16 Jul 2014 12:17:54 +0000 with message-id <[email protected]> and subject line Bug#754810: Removed package(s) from unstable has caused the Debian Bug report #369886, regarding dspam: Please allow alternate configuration files to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 369886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: dspam Version: 3.6.6-1 Severity: wishlist Tags: patch dspam appears to actually be able to be much more than a spam filter. it can be a full-fledged classifier for arbitrary content. The way that the debian dspam package is installed is a pretty good strategy for using it as a spam filter, but it doesn't allow non-root users on the system to set up their own dspam-based classifiers or to experiment with different settings without damaging their one account, due to the centralized nature of the install, and the setgid binary. Also, you can't run two independent dspam daemons on one debian system at the moment and have them each use different configuration files. One way to allow these kinds of use without breaking the current setup is to allow the various dspam binaries to read from an alternate configuration file. Obviously, reading from an alternate configuration file as featureful as dspam's (e.g. loading arbitrary libraries) is a security risk for setuid or setgid executables. My proposal is that the environment variable DSPAM_CONF could be used to point to a preferred config file. If DSPAM_CONF is present and non-empty, dspam (and all related binaries) will read from the alternate file. Any binary that is setuid or setgid would drop privileges back to the real uid/gid in the presence of an alternate configuration file. The patch i'm providing attempts to implement this strategy. It should apply cleanly at the end of the current dpatch set. It also modifies all the upstream-provided man pages to describe the new functionality. i'm happy to patch the debian-provided manpages as well, if folks think this is a strategy worth keeping. Thanks, --dkg PS one thing i'm not clear about from a security perspective is how this patch will affect the dspam client/daemon interaction. Can someone who understands that interaction better than myself weigh in on this? What happens if a client is running with a different config file than the daemon it talks to? Will this be a problem? PPS i have an alternate implementation of this patch which uses a command line argument (--config=/wherever) instead of an environment variable. After a bit of playing around with it, i think i like the environment variable patch better than the argument patch, for a few reasons: 0) writing your own classifier on top of dspam as a set of scripts would be easier if you could just set an environment variable rather than having to supply the same argument over and over again, 1) programs which already contain nested calls to dspam should adapt to changes in the environment without modifying their internal calls to dspam, and 2) the dspam argument handling code appears to vary from binary to binary, and i don't want to break it too much. (e.g. dspam_admin doesn't currently accept any --long-arguments, while dspam itself does) However, if other folks prefer the command-line argument strategy, i'll provide that patchset instead. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (700, 'testing'), (700, 'stable'), (600, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages dspam depends on: ii adduser 3.87 Add and remove users and groups ii libc6 2.3.6-7 GNU C Library: Shared libraries ii libdspam7 3.6.6-1 DSPAM is a scalable and statistica ii libldap2 2.1.30-13 OpenLDAP libraries ii procmail 3.22-16 Versatile e-mail processor Versions of packages dspam recommends: pn clamav-daemon <none> (no description available) ii dspam-doc 3.6.4-4 Documentation for dspam -- no debconf information
allow-alternate-config.dpatch
Description: application/shellscript
--- End Message ---
--- Begin Message ---Version: 3.10.2+dfsg-13+rm Dear submitter, as the package dspam has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/754810 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
