Re: [Dspam-devel] [Dspam-user] train method

Sun, 20 Dec 2009 09:53:00 -0800 

Stevan,

I my case, I am running it with qmail with 0755 mode as described at
http://dspamwiki.expass.de/Installation/Qmail and I am not using WebUI.



Thanks.

Sunday, December 20, 2009, 7:22:42 PM, you wrote:

> On Sun, 20 Dec 2009 19:11:49 +0200
> Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:

>> Merhaba Stevan,
>> 
> Merhaba Arkadaş,

>> > On Paul's setup (he allowed me to look at it over SSH) I see the following:
>> > -r-s--x---   1 root  mail    163K Dec 17 16:26 /usr/local/bin/dspam
>> 
>> > Is that normal on FreeBSD? The dspam binary is setuid to root?
>> > Would it not be better (from a security viewpoint) to set it setgid?
>> It is defined by DSPAM_MODE value in Makefile by Ion-Mihai
>> 
>> DSPAM_MODE?=    4510
>> 
>> From dspam/configure file
>>   --with-dspam-mode=MODE  Set access mode for dspam binary, default 2510
>> 
>> Do you want me to set it 2510 by default?
>> 
> What I want is not so important. I just try to be constructive. It
> does not have to be 2510. It can be whatever you want/need it to be.

> Are you running DSPAM on your setup with 4510? How do you run the
> Web UI? Are you not concerned that a potential flaw in DSPAM could
> have bigger negative impact on your system if you run the binary in
> setuid? Already setgid is not always the best thing (security wise)
> but setuid to root is even a bigger issue (at least that's what I think).

> At least you don't have that binary world executable. That's a good thing 
> (IMHO).

> Why do you think setuid to root is needed? Have you any special
> case where you can't without setuid?



>> Thanks.
>> 



--
Ismail YENIGUL
Endersys Ltd.
Proje Yöneticisi / Project Manager

Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
Fax   :+90 216-4709508 | web: http://www.endersys.com.tr
Blog:  http://blog.endersys.com Twitter:  http://www.twitter.com/endersys 
LPI: The #1 Linux Certification for IT Professionals
LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel

Reply via email to