Package: dspam
Version: 3.6.8-5
Severity: normal
Tags: patch

--- Please enter the report below this line. ---

The following bug has been reported in Ubuntu by Swâmi Petaramesh at https://launchpad.net/bugs/158136 - the report below is from him:

/usr/bin/dspamc file permissions should be the same as for /usr/bin/dspam (owned by dspam:dspam, setgid bit set), otherwise calling it as non-root causes it to complain it cannot read /etc/dspam/dspam.conf, and abort.

Both the "dspam" and "dspamc" binaries perform the same function: check a message for being spam or not, and either one or the other is used by MTA or MDA (or any user on the system). "dspam" can be run either one-shot or as a daemon. "dspamc" is actually just a lighter, stripped-down version of dspam (which means, logically, more secure), that can only act as a client to "dspam" running in daemon mode.

Which means that one processes a message either with one-shot dspam (slow startup and databases opening), or with a dspam running as a daemon, sending messages to the lighter "dspamc" which is the client to the daemon.

"dspam" comes sgid dspam, "dspamc" should as well. There's no reason why the first would be and not the 2nd.

With the current package, calling "dspam" will work for any user, where calling "dspamc" won't, which is abnormal (for dspamc will be unable to read its config file).

Here, calling dspamc will work only for the users dspam or root, or for a user which is part of the dspam group. This is unfortunate as several users need to be able to call it (MTA, MDA, Apache from the dspam web interface), plus any system user who may need to retrain messages or learn spam/ham corpus manually.

I don't see any issue putting "dspamc" sgid dspam where "dspam" already is. We're not talking of "suid root" here, and the dspam user has no specific overall rights on the system, just the right to access its own files. I've used dspam for years now, so I believe I know quite well how it works ;-)

Calling "dspamc" is functionally equivalent to calling "dspam --client", but the dspamc binary is much lighter.

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.22-14-generic

Debian Release: lenny/sid

--- Package information. ---
Depends              (Version) | Installed
==============================-+-==============
procmail                       | 3.22-16ubuntu3
 OR sensible-mda               |
libc6               (>= 2.6-1) | 2.6.1-1ubuntu10
libdspam7                      | 3.6.8-5ubuntu1
libldap2         (>= 2.1.17-1) | 2.1.30-13.4

--- debian/dspam-3.6.8/debian/dspam.postinst 2007-11-06 11:07:22.000000000 +0100
+++ dspam-3.6.8/debian/dspam.postinst 2007-11-06 10:00:58.479442546 +0100
@@ -25,6 +25,11 @@
dpkg-statoverride --update --add dspam dspam 2755 /usr/bin/dspam
fi
+ if ! dpkg-statoverride --list /usr/bin/dspamc >/dev/null
+ then
+ dpkg-statoverride --update --add dspam dspam 2755 /usr/bin/dspamc
+ fi
+
if ! dpkg-statoverride --list /var/spool/dspam >/dev/null
then
dpkg-statoverride --update --add dspam dspam 0770 /var/spool/dspam
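Review bot: the added stanza for /usr/bin/dspamc makes a second binary setgid dspam (mode 2755) with no comment saying what the client needs the group for. The stanza right after it gives that same group 0770 on /var/spool/dspam, so the group carries more than read access to one config file. Suggest a comment above the new `if` stating that the group is needed so dspamc can read /etc/dspam/dspam.conf, and confirming that dspamc needs nothing beyond that read before the set-id surface is widened.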
--- debian/dspam-3.6.8/debian/dspam.postrm 2007-11-06 11:07:22.000000000 +0100
+++ dspam-3.6.8/debian/dspam.postrm 2007-11-06 10:01:23.978302793 +0100
@@ -6,6 +6,7 @@
for i in \
/etc/dspam/dspam.conf \
/usr/bin/dspam \
+ /usr/bin/dspamc \
/var/spool/dspam \
/var/spool/dspam/data \
/etc/dspam/default.prefs \
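Review bot: the new `/usr/bin/dspamc \` entry depends on the loop body, which this hunk does not show, coping with a path that has no override registered; the postinst only adds the override when none is listed, so the two scripts should be symmetric. If the body calls dpkg-statoverride --remove unconditionally, guard it with the same `dpkg-statoverride --list "$i" >/dev/null` test the postinst uses.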
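An added example (not part of the bug report or of the Debian package): a POSIX shell check that a client binary has the same owner, group and mode as the setgid reference binary, and that its group is the one owning the config file. The function names are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a client binary against the setgid reference binary.
# Function names are illustrative; GNU stat (coreutils) is assumed.

# perms PATH: print "owner:group mode", e.g. "dspam:dspam 2755"
perms() {
    stat -c '%U:%G %a' -- "$1"
}

# is_setgid PATH: succeed if the setgid bit (02000) is set
is_setgid() {
    mode=$(stat -c '%a' -- "$1") || return 2
    # %a prints octal digits without a leading 0; prefix one for $(( ))
    [ $(( 0$mode & 02000 )) -ne 0 ]
}

# audit_pair REFERENCE CLIENT CONFIG
# Prints one line per finding; the return status is the number of findings.
audit_pair() {
    ref=$1; client=$2; conf=$3; findings=0
    if [ "$(perms "$ref")" != "$(perms "$client")" ]; then
        echo "MISMATCH: $ref is $(perms "$ref"), $client is $(perms "$client")"
        findings=$((findings + 1))
    fi
    if ! is_setgid "$client"; then
        echo "NOT SETGID: $client will run with the caller's groups only"
        findings=$((findings + 1))
    fi
    # The setgid group only helps if it is the group that owns the config.
    if [ "$(stat -c '%G' -- "$conf")" != "$(stat -c '%G' -- "$client")" ]; then
        echo "GROUP: $conf and $client belong to different groups"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit.sh /usr/bin/dspam /usr/bin/dspamc /etc/dspam/dspam.conf
if [ "$#" -eq 3 ]; then
    audit_pair "$@"
fi
```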

