i wasn't ever fond of spamd trusting the User supplied by spamc -- and 
while identd is an OK hack for folks who run spamd on a network, it seems 
overkill for someone running spamd on localhost only.  using unix domain 
sockets there are two ways to increase the paranoia -- one would be to 
pass credentials over the socket, the other is to use a setgid spamc and a 
group-restricted unix domain socket.  credential passing isn't easily 
portable, so being lazy i've been using setgid spamc.

in my setup i have group spamc, and the socket is in /var/run/spamd, and i 
set perms like so:

-r-xr-s--x  1 root spamc 22164 Oct 26 23:21 /usr/bin/spamc
drwxr-x---  2 root spamc  4096 Oct 26 23:22 /var/run/spamd
srw-rw-rw-  1 root root      0 Oct 26 23:22 /var/run/spamd/sock

i stick the sock in a subdirectory which is group protected for historical 
reasons ... it's more portable -- older unixen didn't respect unix domain 
socket permissions... and prior to SA 3.0.0 i would have had to patch 
spamd to get perms on the socket correct.

anyhow there are two more things to be done -- patch spamc to disable -u, 
and make it default to this socket (so my users don't need to know these 
details).

the patch i use is below, but i'd like to get something accepted upstream 
so that i could eventually use a pre-built .deb rather than building my 
own.  the only part which needs generalizing is setting the default 
transport ... i suppose a config file or shell wrapper would solve it.  
(i don't like the shell wrapper because it messes with pre-packaged SA.)

suggestions?

-dean

--- spamassassin-3.0.1/spamc/spamc.c.orig       2004-10-22 18:39:18.000000000 
-0700
+++ spamassassin-3.0.1/spamc/spamc.c    2004-10-27 11:53:58.000000000 -0700
@@ -277,6 +277,10 @@
             }
             case 'u':
             {
+               if (getuid() && getgid() != getegid()) {
+                   printf("you are running setgid, and -u is permitted only 
when root\n");
+                   ret = EX_USAGE;
+               }
                 *username = optarg;
                 break;
             }
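Review bot: in the `case 'u'` branch the setgid check sets `ret = EX_USAGE` but then falls through to `*username = optarg;`, so the supplied user is still recorded and the restriction holds only if the code after option parsing stops on `ret`. Add a `break` inside the `if`, or move the assignment into an `else`, so a rejected -u can never reach the request. The message is also emitted with `printf`, which goes to stdout; `fprintf(stderr, ...)` would keep it out of whatever consumes spamc's output.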
--- spamassassin-3.0.1/spamc/libspamc.c.orig    2004-10-22 18:39:18.000000000 
-0700
+++ spamassassin-3.0.1/spamc/libspamc.c 2004-10-27 11:53:58.000000000 -0700
@@ -1124,8 +1124,13 @@
 
     memset(tp, 0, sizeof *tp);
 
+#if 0
     tp->type = TRANSPORT_LOCALHOST;
     tp->port = 783;
+#else
+    tp->type       = TRANSPORT_UNIX;
+    tp->socketpath = "/var/run/spamd/sock";
+#endif
     tp->flags = 0;
 }
 
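Review bot: the `#if 0` / `#else` here hard-codes `"/var/run/spamd/sock"` as the default transport and compiles out the `TRANSPORT_LOCALHOST` / port 783 default for every build. Guarding the new default with a build-time macro for the socket path (the macro name would be new, it is not in this patch) would keep the stock behaviour when it is unset and let a packager opt in. A short comment noting that the path is expected to sit in a group-restricted directory would also help the next reader.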
