On Sun, 20 Dec 2009 19:11:49 +0200
Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:

> Hello Stevan,
> 
Hello friend,

> > On Paul's setup (he allowed me to look at it over SSH) I see the following:
> > -r-s--x---   1 root  mail    163K Dec 17 16:26 /usr/local/bin/dspam
> 
> > Is that normal on FreeBSD? The dspam binary is setuid to root?
> > Would it not be better (from a security viewpoint) to set it setgid?
> It is defined by the DSPAM_MODE value in the Makefile by Ion-Mihai
> 
> DSPAM_MODE?=    4510
> 
> From the dspam/configure file
>   --with-dspam-mode=MODE  Set access mode for dspam binary, default 2510
> 
> Do you want me to set it to 2510 by default?
> 
What I want is not so important. I am just trying to be constructive. It does not 
have to be 2510. It can be whatever you want/need it to be.

Are you running DSPAM on your setup with 4510? How do you run the Web UI? Are 
you not concerned that a potential flaw in DSPAM could have a bigger negative 
impact on your system if you run the binary in setuid? Already setgid is not 
always the best thing (security-wise), but setuid to root is an even bigger issue 
(at least that's what I think).

At least you don't have that binary world executable. That's a good thing 
(IMHO).

Why do you think setuid to root is needed? Have you any special case where you 
can't do without setuid?



> Thanks.
> 
-- 
Kind Regards from Switzerland,

Stevan Bajić


> >> Thanks.
> >> 
> 
> 
> 
> --
> Ismail YENIGUL
> Endersys Ltd.
> Proje Yöneticisi / Project Manager
> 
> Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
> Fax   :+90 216-4709508 | web: http://www.endersys.com.tr
> Blog:  http://blog.endersys.com Twitter:  http://www.twitter.com/endersys 
> LPI: The #1 Linux Certification for IT Professionals
> LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com

_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
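
Added example (not part of the original thread and not code from DSPAM or the FreeBSD port): a small Python check that decodes the two modes discussed above, 4510 and 2510, for a binary owned by root:mail as in the quoted `ls` line, and reports what each mode grants to whoever runs it. The function names `describe_mode` and `audit_path` are hypothetical.

```python
import grp
import os
import pwd
import stat


def describe_mode(mode: int, owner: str, group: str) -> dict:
    """Explain what an executable's permission bits grant to whoever runs it."""
    mode = stat.S_IFREG | stat.S_IMODE(mode)  # regular file + permission bits
    setuid = bool(mode & stat.S_ISUID)
    setgid = bool(mode & stat.S_ISGID)
    findings = []
    if setuid:
        findings.append(f"setuid: process runs with the effective UID of '{owner}'")
    if setgid:
        findings.append(f"setgid: process runs with the effective GID of '{group}'")
    if mode & stat.S_IXOTH:
        findings.append("world-executable: any local user can start it")
    elif mode & stat.S_IXGRP:
        findings.append(f"only the owner and members of '{group}' can start it")
    return {
        "symbolic": stat.filemode(mode),
        "setuid": setuid,
        "setgid": setgid,
        # A bug in a setuid-root program is exercised with full root privileges.
        "runs_as_root": setuid and owner == "root",
        "findings": findings,
    }


def audit_path(path: str) -> dict:
    """Produce the same report for a file on disk."""
    st = os.stat(path)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:  # UID without a passwd entry
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:  # GID without a group entry
        group = str(st.st_gid)
    return describe_mode(st.st_mode, owner, group)


if __name__ == "__main__":
    # Constructed input: the two modes from the thread, owner/group as in the ls line.
    for octal in (0o4510, 0o2510):
        report = describe_mode(octal, "root", "mail")
        print(f"{octal:04o} {report['symbolic']} runs_as_root={report['runs_as_root']}")
        for line in report["findings"]:
            print("   ", line)
```

Running `audit_path("/usr/local/bin/dspam")` on a host gives the same report for the installed binary.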
