On Sun, 20 Dec 2009 19:11:49 +0200 Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:
> Hello Stevan,
>
Hello friend,

> > On Paul's setup (he allowed me to look at it over SSH) I see the following:
> >
> > -r-s--x--- 1 root mail 163K Dec 17 16:26 /usr/local/bin/dspam
> >
> > Is that normal on FreeBSD? The dspam binary is setuid to root?
> > Would it not be better (from a security viewpoint) to set it setgid?
>
> It is defined by DSPAM_MODE value in Makefile by Ion-Mihai
>
> DSPAM_MODE?= 4510
>
> From dspam/configure file
> --with-dspam-mode=MODE Set access mode for dspam binary, default 2510
>
> Do you want me to set it 2510 by default?
>
What I want is not so important. I just try to be constructive. It does not have to be 2510. It can be whatever you want/need it to be.

Are you running DSPAM on your setup with 4510? How do you run the Web UI? Are you not concerned that a potential flaw in DSPAM could have bigger negative impact on your system if you run the binary in setuid? Already setgid is not always the best thing (security wise) but setuid to root is even a bigger issue (at least that's what I think). At least you don't have that binary world executable. That's a good thing (IMHO).

Why do you think setuid to root is needed? Have you any special case where you can't without setuid?

> Thanks.
>
--
Kind Regards from Switzerland,

Stevan Bajić

> >> Thanks.
> >>
> >
> > --
> Ismail YENIGUL
> Endersys Ltd.
> Project Manager
>
> Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
> Fax :+90 216-4709508 | web: http://www.endersys.com.tr
> Blog: http://blog.endersys.com Twitter: http://www.twitter.com/endersys
> LPI: The #1 Linux Certification for IT Professionals
> LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com

_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
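
Added example, not part of the thread and not DSPAM or FreeBSD ports code: a small decoder for the two install modes discussed above (4510 and 2510), showing which identity the binary takes on and who may start it. The function names are hypothetical, and the default owner `root` and group `mail` are taken from the `ls` line quoted in the thread.

```python
import os
import stat


def describe_mode(mode, owner="root", group="mail"):
    """Decode an install mode such as 0o4510 into its privilege implications."""
    setuid = bool(mode & stat.S_ISUID)
    setgid = bool(mode & stat.S_ISGID)

    # Who is allowed to start the program at all.
    if mode & stat.S_IXOTH:
        callers = "any local user"
    elif mode & stat.S_IXGRP:
        callers = f"{owner} and members of group {group}"
    elif mode & stat.S_IXUSR:
        callers = f"{owner} only"
    else:
        callers = "nobody"

    findings = []
    if setuid and owner == "root":
        findings.append("setuid-root: a flaw in the binary is exercised with uid 0")
    elif setuid:
        findings.append(f"setuid: runs with the uid of {owner}")
    if setgid:
        findings.append(f"setgid: runs with the gid of {group}")
    if (setuid or setgid) and mode & stat.S_IXOTH:
        findings.append("world-executable: every local user reaches the privileged code")

    return {
        "ls": stat.filemode(stat.S_IFREG | mode),  # same string ls -l prints
        "runs_as_uid": owner if setuid else "caller",
        "runs_as_gid": group if setgid else "caller",
        "callers": callers,
        "findings": findings,
    }


def audit_file(path):
    """Apply describe_mode() to a file on disk, using numeric ids (no passwd lookup)."""
    st = os.stat(path)
    owner = "root" if st.st_uid == 0 else f"uid {st.st_uid}"
    return describe_mode(stat.S_IMODE(st.st_mode), owner, f"gid {st.st_gid}")


if __name__ == "__main__":
    for m in (0o4510, 0o2510):  # the Makefile value and the configure default
        d = describe_mode(m)
        print(f"{m:04o} {d['ls']} uid={d['runs_as_uid']} gid={d['runs_as_gid']}")
        for finding in d["findings"]:
            print("   -", finding)
```
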