On Sun, 20 Dec 2009 19:50:29 +0200
Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:

> Stevan,
> 
Hallo Ismail,


> I my case, I am running it with qmail with 0755 mode as described at
> http://dspamwiki.expass.de/Installation/Qmail and I am not using WebUI.
> 
Any one here on the developer list using any variant of BSD and having an 
opinion regarding that case? I personally would say that a 2510 should be 
enough for most setups. Maybe some need 2511? And who should be the owner? 
root? Another one?


> Thanks.
> 
-- 
Kind Regards from Switzerland,

Stevan Bajić


> Sunday, December 20, 2009, 7:22:42 PM, you wrote:
> 
> > On Sun, 20 Dec 2009 19:11:49 +0200
> > Ismail YENIGUL <ismail.yeni...@endersys.com.tr> wrote:
> 
> >> Merhaba Stevan,
> >> 
> > Merhaba Arkadaş,
> 
> >> > On Paul's setup (he allowed me to look at it over SSH) I see the 
> >> > following:
> >> > -r-s--x---   1 root  mail    163K Dec 17 16:26 /usr/local/bin/dspam
> >> 
> >> > Is that normal on FreeBSD? The dspam binary is setuid to root?
> >> > Would it not be better (from a security viewpoint) to set it setgid?
> >> It is defined by DSPAM_MODE value in Makefile by Ion-Mihai
> >> 
> >> DSPAM_MODE?=    4510
> >> 
> >> From dspam/configure file
> >>   --with-dspam-mode=MODE  Set access mode for dspam binary, default 2510
> >> 
> >> Do you want me to set it 2510 by default?
> >> 
> > What I want is not so important. I just try to be constructive. It
> > does not have to be 2510. It can be whatever you want/need it to be.
> 
> > Are you running DSPAM on your setup with 4510? How do you run the
> > Web UI? Are you not concerned that a potential flaw in DSPAM could
> > have bigger negative impact on your system if you run the binary in
> > setuid? Already setgid is not always the best thing (security wise)
> > but setuid to root is even a bigger issue (at least that's what I think).
> 
> > At least you don't have that binary world executable. That's a good thing 
> > (IMHO).
> 
> > Why do you think setuid to root is needed? Have you any special
> > case where you can't without setuid?
> 
> 
> 
> >> Thanks.
> >> 
> 
> 
> 
> --
> Ismail YENIGUL
> Endersys Ltd.
> Proje Yöneticisi / Project Manager
> 
> Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
> Fax   :+90 216-4709508 | web: http://www.endersys.com.tr
> Blog:  http://blog.endersys.com Twitter:  http://www.twitter.com/endersys 
> LPI: The #1 Linux Certification for IT Professionals
> LPI (Linux Professional Institute) Turkey http://www.lpi-turkey.com

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel

Reply via email to