On 16.02.2012 18:31, Nathanael D. Noblet wrote:
> On 02/16/2012 10:04 AM, Stevan Bajić wrote:
>> On Thu, 16 Feb 2012 09:36:48 -0700, Nathanael D. Noblet wrote:
>>> Hello,
>>>
>> Hello Nathanael,
>>
>>> So I just noticed that dspam in daemon mode in Fedora fails to start
>>> by default because it attempts to bind to port 24 as an unprivileged
>>> user. I'm just verifying that this is intended behaviour? I would
>>> normally expect dspam to bind to port 24, then drop privs. Am I
>>> mistaken
>>>
>> you are mistaken.
>
> Why doesn't DSPAM act in this way?

It is coded that way.

> Many daemons I know do this like apache, postfix etc... don't they?
>

Yes they do. They start first as a privileged user and start whatever is needed under another (less privileged) user.

>>> or is this a bug?
>>>
>> It is not a bug since DSPAM never did that in the past.
>>
>
> So is DSPAM not intended to run as an unprivileged user?

You have to make a difference here. The client can run under whatever user you like. The daemon can as well run under whatever user you like BUT if you want to bind to a TCP/IP port below 1024 then you need to use a privileged user.

> The default install is to bind to port 24.

Is this the default? I have to look. I usually run the daemon on a file socket where I don't have to care about privileged or not privileged user.

> Should I just patch the default config to use a port > 1024?
>

Depends. If someone wants to run DSPAM in relay mode then I don't see a way around running as a privileged user or at least a user that can run in listen mode on port 24 or 25. If all you want is to run DSPAM as daemon then I really, really, really would suggest to switch to file sockets since this is saving you a lot of trouble and on top makes communication slightly faster than using TCP/IP sockets.

> Even if it isn't a bug per se as dspam hasn't functioned this way in
> the past.. should it be a requested feature?
>

My personal answer? YES! It's a shame that we have not implemented that. We can count ourselves lucky that in all those years no one has found an exploitable issue in DSPAM. This might be luck but could be as well a sign of good code quality. Anyway... whatever the reason is... running as unprivileged user is way better than hoping no one finds an issue or expecting to still have luck in the future regarding that issue.

-- 
Kind Regards from Switzerland,

Stevan Bajić