On Sun, 20 Dec 2009 19:50:29 +0200 Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:
> Stevan,
>
Hello Ismail,

> In my case, I am running it with qmail with 0755 mode as described at
> http://dspamwiki.expass.de/Installation/Qmail and I am not using WebUI.
>
Anyone here on the developer list using any variant of BSD and having an
opinion regarding that case? I personally would say that a 2510 should be
enough for most setups. Maybe some need 2511? And who should be the owner?
root? Another one?

> Thanks.
>
--
Kind Regards from Switzerland,

Stevan Bajić

> Sunday, December 20, 2009, 7:22:42 PM, you wrote:
>
> > On Sun, 20 Dec 2009 19:11:49 +0200
> > Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:
>
> >> Hello Stevan,
> >>
> > Hello friend,
>
> >> > On Paul's setup (he allowed me to look at it over SSH) I see the
> >> > following:
> >> > -r-s--x--- 1 root mail 163K Dec 17 16:26 /usr/local/bin/dspam
> >>
> >> > Is that normal on FreeBSD? The dspam binary is setuid to root?
> >> > Would it not be better (from a security viewpoint) to set it setgid?
> >> It is defined by DSPAM_MODE value in Makefile by Ion-Mihai
> >>
> >> DSPAM_MODE?= 4510
> >>
> >> From dspam/configure file
> >> --with-dspam-mode=MODE Set access mode for dspam binary, default 2510
> >>
> >> Do you want me to set it 2510 by default?
> >>
> > What I want is not so important. I just try to be constructive. It
> > does not have to be 2510. It can be whatever you want/need it to be.
>
> > Are you running DSPAM on your setup with 4510? How do you run the
> > Web UI? Are you not concerned that a potential flaw in DSPAM could
> > have bigger negative impact on your system if you run the binary in
> > setuid? Already setgid is not always the best thing (security wise)
> > but setuid to root is even a bigger issue (at least that's what I think).
>
> > At least you don't have that binary world executable. That's a good thing
> > (IMHO).
>
> > Why do you think setuid to root is needed? Have you any special
> > case where you can't without setuid?
>
> >
> >> Thanks.
> >>
> >
>
> --
> Ismail YENIGUL
> Endersys Ltd.
> Project Manager
>
> Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
> Fax :+90 216-4709508 | web: http://www.endersys.com.tr
> Blog: http://blog.endersys.com Twitter: http://www.twitter.com/endersys
> LPI: The #1 Linux Certification for IT Professionals
> LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com

_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
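
The four modes discussed in this thread (4510, 2510, 2511, 0755), decoded into what each grants when the binary is executed. This is an added example, not code from the DSPAM project or from either poster; `audit_mode` and `audit_path` are hypothetical helper names, and the root:mail ownership defaults are taken from the ls output quoted above.

```python
import os
import stat

def audit_mode(mode, owner="root", group="mail"):
    """Describe what an executable's mode bits grant when it is run.

    owner/group default to the ownership in the thread's ls output (assumption
    for every mode other than 4510, which is the only one shown with ls).
    """
    setuid = bool(mode & stat.S_ISUID)
    setgid = bool(mode & stat.S_ISGID)
    executable_by = [who for who, bit in (("owner", stat.S_IXUSR),
                                          ("group", stat.S_IXGRP),
                                          ("other", stat.S_IXOTH)) if mode & bit]
    findings = []
    if setuid and owner == "root":
        findings.append("setuid-root")
    elif setuid:
        findings.append("setuid")
    if setgid:
        findings.append("setgid")
    if "other" in executable_by:
        findings.append("world-executable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH) and (setuid or setgid):
        findings.append("privileged-and-writable")
    return {
        "symbolic": stat.filemode(stat.S_IFREG | mode),
        "runs_as_user": owner if setuid else "caller",
        "runs_as_group": group if setgid else "caller",
        "executable_by": executable_by,
        "findings": findings,
    }

def audit_path(path):
    """Audit a real file; owner and group are reported as numeric ids."""
    st = os.stat(path)
    owner = "root" if st.st_uid == 0 else str(st.st_uid)
    return audit_mode(stat.S_IMODE(st.st_mode), owner, str(st.st_gid))

if __name__ == "__main__":
    # Modes named in the thread: FreeBSD port default, configure default,
    # the 2511 variant Stevan asks about, and the qmail wiki setup.
    for m in (0o4510, 0o2510, 0o2511, 0o0755):
        r = audit_mode(m)
        print(f"{m:04o} {r['symbolic']} uid={r['runs_as_user']} "
              f"gid={r['runs_as_group']} exec={','.join(r['executable_by'])} "
              f"{r['findings']}")
```

With 4510 every member of the executing group runs the binary with root's effective uid, while 2510 limits the gain to the file's group; 2511 extends that group gain to every local user.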