http://bugzilla.spamassassin.org/show_bug.cgi?id=4506
Summary: spamd needs to call initgroups
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: minor
Priority: P5
Component: spamc/spamd
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
(moved from bug 4161, since that conflates 2 issues in one bugzilla report...)
Tatsuo Sekine reports:
------- Additional Comment #2 From Tatsuo Sekine 2005-03-01 18:12 [reply]
-------
I have still a problem.
I have no time to check the source code, but IMHO, we need initgroups()
after drop privilidge with setuid() in spamd.
I'm sharing bayes DB with group R/W permission
and without world wide R/W permission (2770)
That group is not my primaly group, so initgroups() should be
called before access it.
I don't like world wide readable/writable permission :-<
------- Additional Comment #3 From Tatsuo Sekine 2005-03-01 21:36 [reply]
-------
Sorry, but I was confused.
Firstly, I need initgroups() (, which is in C library).
According to "$perldoc perlvar" :
$) The effective gid of this process. If you are on a machine
that supports membership in multiple groups simultaneously,
gives a space separated list of groups you are in. The first
number is the one returned by getegid(), and the subsequent
ones by getgroups(), one of which may be the same as the first
number.
Probably, some people concern about security issue. So, IMHO, it
is best to add a configuration parameter to call/not call getgroups.
Anyway, I need "getgroups()" in spamc/{handle_user(),handle_user_with...()}
like:
$supplmental_groups = join(' ', getgroups());
$) = "$gid " . $supplemental_groups;
[...]
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
