https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6994
--- Comment #3 from linda w <[email protected]> ---

If you are going to test for it and claim "There is functionality in the AWL allowing the user to specify a file_mode so the test needs to stay."

I'm pointing out that this can pass in your test directory but FAIL when it is installed on a system, since the permissions on the test directory can be "cleared" so the test will pass, but any user who has ACLs on their dir will NOT have this functionality.

The point I'm trying to make is that it isn't just about installing -- that can be easily worked around -- but that you are providing that test as a guarantee of some security feature -- and that guarantee CAN'T be guaranteed on any file system that supports ACLs.

Saying you won't fix a security bug and are claiming the ability to set file perms on their DB "works" because this test passes when the test dir usually WON'T be where they have their DBs installed, is really not a good thing to be saying, if you see what I mean.

Is that really how you want to resolve this? I've already worked around the problem for my install, but the test is bogus, which is why I thought not promising anything might be a better short term solution.

Longer term... I don't know if chmod might not override the ACL's default (umask won't), or, at worst -- using chacl to delete or modify ACLs if they are detected -- but that is more investigation.

Short term, it would be best not to give the impression of security features that are broken.
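An added example, not part of the comment above or of SpamAssassin's test suite: a probe that can be pointed at the directory where the DB will actually live instead of the test directory. It assumes Linux, where a directory's default ACL is stored in the `system.posix_acl_default` extended attribute and makes the kernel ignore the umask for files created there; `check_file_mode`, `has_default_acl` and the probe file name are hypothetical.

```python
import errno
import os
import stat
import tempfile

DEFAULT_ACL_XATTR = "system.posix_acl_default"  # Linux xattr for a directory's default ACL


def has_default_acl(directory):
    """True/False if it can be determined, None if the platform or FS cannot say."""
    if not hasattr(os, "getxattr"):
        return None
    try:
        os.getxattr(directory, DEFAULT_ACL_XATTR)
        return True
    except OSError as exc:
        return False if exc.errno == errno.ENODATA else None


def check_file_mode(directory, file_mode, umask=0o022):
    """Create a probe file the way a DB file would be created and compare the
    mode it really received with the umask-based expectation."""
    expected = file_mode & ~umask & 0o777
    path = os.path.join(directory, ".file_mode_probe")  # hypothetical probe name
    old_umask = os.umask(umask)
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, file_mode)
        os.close(fd)
        actual = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old_umask)
        if os.path.exists(path):
            os.unlink(path)
    return {
        "expected": expected,
        "actual": actual,
        "matches": expected == actual,
        "default_acl": has_default_acl(directory),
    }


if __name__ == "__main__":
    # Constructed scratch directory; pass the real DB directory instead.
    with tempfile.TemporaryDirectory() as scratch:
        report = check_file_mode(scratch, 0o666)
        print({k: oct(v) if isinstance(v, int) and not isinstance(v, bool) else v
               for k, v in report.items()})
```

A result with `matches` false and `default_acl` true means a permission test that passed in a scratch directory says nothing about files created in that directory.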
