http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5728
------- Additional Comments From [EMAIL PROTECTED] 2007-11-27 16:06 -------
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Now, does anyone have an opinion on whether we should be checking for -u
or that
> > > $> != 0?
> >
> > can you clarify?
>
> This whole section of code hurts my brain.
>
> I believe under the current code, you can't run
> "spamd --vpopmail" or "spamd --virtual-config-dir" as a non-root user. We
> specifically check to see if these options are used without the "--username"
> option and die.
>
> With my change, this also applies to "spamd --sql-config" and "spamd
--ldap-config".
>
> The quick fix (I think) is to wrap this code (and the like)
>
> if ( $opt{'vpopmail'} ) {
> if ( !$opt{'username'} ) {
> die "spamd: cannot use --vpopmail without -u\n";
> }
> }
>
> with an "if ($setuid_to_user) {}" or "if ($> == 0) {}" block.
I think it's ok, since $setuid_to_user is set to 1 if ($> != 0).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
