-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
dean gaudet writes:
> i wasn't ever fond of spamd trusting the User supplied by spamc -- and
> while identd is an OK hack for folks who run spamd on a network, it seems
> overkill for someone running spamd on localhost only. using unix domain
> sockets there are two ways to increase the paranoia -- one would be to
> pass credentials over the socket, the other is to use a setgid spamc and a
> group-restricted unix domain socket. credential passing isn't easily
> portable, so being lazy i've been using setgid spamc.
>
> in my setup i have group spamc, and the socket is in /var/run/spamd, and i
> set perms like so:
>
> -r-xr-s--x 1 root spamc 22164 Oct 26 23:21 /usr/bin/spamc
> drwxr-x--- 2 root spamc 4096 Oct 26 23:22 /var/run/spamd
> srw-rw-rw- 1 root root 0 Oct 26 23:22 /var/run/spamd/sock
>
> i stick the sock in a subdirectory which is group protected for historical
> reasons ... it's more portable -- older unixen didn't respect unix domain
> socket permissions... and prior to SA 3.0.0 i would have had to patch
> spamd to get perms on the socket correct.
>
> anyhow there's two more things to be done -- patch spamc to disable -u,
> and make it default to this socket (so my users don't need to know these
> details).
(a) the defaulting: almost definitely not.
(b) disable -u: we cannot apply it in its current form.
Both will break existing usage at other sites; some thought for backwards
compatibility is required before we could apply those to the distribution.
In particular, defaulting to only allowing -u for root would break
a *lot* of existing users running spamc from the MTA.
- --j.
> the patch i use is below, but i'd like to get something accepted upstream
> so that i could eventually use a pre-built .deb rather than building my
> own. the only part which needs generalizing is setting the default
> transport ... i suppose a config file or shell wrapper would solve it.
> (i don't like the shell wrapper because it messes with pre-packaged SA.)
>
> suggestions?
>
> -dean
>
> --- spamassassin-3.0.1/spamc/spamc.c.orig 2004-10-22 18:39:18.000000000
> -0700
> +++ spamassassin-3.0.1/spamc/spamc.c 2004-10-27 11:53:58.000000000 -0700
> @@ -277,6 +277,10 @@
> }
> case 'u':
> {
> + if (getuid() && getgid() != getegid()) {
> + printf("you are running setgid, and -u is permitted only
> when root\n");
> + ret = EX_USAGE;
> + }
> *username = optarg;
> break;
> }
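Review bot: in the `case 'u':` branch the new check sets `ret = EX_USAGE` but execution then continues to `*username = optarg;`, so the caller-supplied user is still stored. Whether the request is refused depends on how `ret` is handled after option parsing, which this hunk does not show. Move the assignment into an `else` (or `break` right after setting `ret`) so a rejected -u can never be used. The message is also written with `printf`, i.e. to stdout; an error like this belongs on stderr. A short comment on why real uid 0 is exempt would help the next reader.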
> --- spamassassin-3.0.1/spamc/libspamc.c.orig 2004-10-22 18:39:18.000000000
> -0700
> +++ spamassassin-3.0.1/spamc/libspamc.c 2004-10-27 11:53:58.000000000
> -0700
> @@ -1124,8 +1124,13 @@
>
> memset(tp, 0, sizeof *tp);
>
> +#if 0
> tp->type = TRANSPORT_LOCALHOST;
> tp->port = 783;
> +#else
> + tp->type = TRANSPORT_UNIX;
> + tp->socketpath = "/var/run/spamd/sock";
> +#endif
> tp->flags = 0;
> }
>
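Review bot: the `#if 0` / `#else` around the default transport replaces the `TRANSPORT_LOCALHOST` port 783 default for every build and compiles in the site-specific path "/var/run/spamd/sock", leaving the old branch behind as dead code. Make the default selectable at build time or from configuration, keep `TRANSPORT_LOCALHOST` as the fallback when nothing is set, and drop the `#if 0` block.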
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBf/y1MJF5cimLx9ARAps0AKCwPzPtQYF1IQY8hR1wFGeve8esygCgqN2I
usoDkwn1LjRpWibh20zi4QM=
=ae+/
-----END PGP SIGNATURE-----
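The group-restricted layout described in the quoted message (setgid client, group-only directory, socket inside it) can be checked mechanically. The following is an added example, not code from the post or from SpamAssassin; `audit_layout` and the finding flags are hypothetical names.

```c
/* Added example: audit the setgid-client / group-restricted-directory layout. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

enum {                          /* hypothetical finding flags */
    DIR_OPEN_TO_OTHERS  = 1,    /* "other" bits on the directory bypass the group gate */
    DIR_GROUP_NO_SEARCH = 2,    /* group lacks x, so the client cannot reach the socket */
    CLIENT_NOT_SETGID   = 4,    /* client does not gain the group on exec */
    CLIENT_GROUP_DIFF   = 8,    /* client's group is not the directory's group */
    CLIENT_WRITABLE     = 16,   /* group/other could replace the setgid binary */
    SOCK_NO_WRITE       = 32    /* connect() needs write permission on the socket */
};

/* Returns a bitmask of findings; 0 means the layout matches the scheme. */
unsigned audit_layout(const struct stat *client, const struct stat *dir,
                      const struct stat *sock)
{
    unsigned bad = 0;
    /* A caller holding only the directory's group reaches the socket through
       its group bits if the socket shares that group, else through "other".
       Assumption: the calling user does not own the socket. */
    mode_t need = (sock->st_gid == dir->st_gid) ? S_IWGRP : S_IWOTH;

    if (dir->st_mode & S_IRWXO)                bad |= DIR_OPEN_TO_OTHERS;
    if (!(dir->st_mode & S_IXGRP))             bad |= DIR_GROUP_NO_SEARCH;
    if (!(client->st_mode & S_ISGID))          bad |= CLIENT_NOT_SETGID;
    if (client->st_gid != dir->st_gid)         bad |= CLIENT_GROUP_DIFF;
    if (client->st_mode & (S_IWGRP | S_IWOTH)) bad |= CLIENT_WRITABLE;
    if (!(sock->st_mode & need))               bad |= SOCK_NO_WRITE;
    return bad;
}

/* Usage: audit <client-binary> <socket-dir> <socket> */
int main(int argc, char **argv)
{
    struct stat c, d, s;
    if (argc != 4 || stat(argv[1], &c) || stat(argv[2], &d) || stat(argv[3], &s)) {
        fprintf(stderr, "usage: %s client dir socket (all must be stat-able)\n", argv[0]);
        return 2;
    }
    unsigned bad = audit_layout(&c, &d, &s);
    printf("findings: 0x%02x\n", bad);
    return bad ? 1 : 0;
}
```

Run it as root or as a member of the socket directory's group, since `stat()` on the socket itself needs search permission on that directory.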