On Mon, Feb 23, 2004 at 02:26:32PM -0800, Eric Kolve wrote: > I assume something like this is really only a risk if you run spamd as > root and enable local user configuration. Is this exploit known about? > or rather, does it even exist (I could be missing something protecting > against this)?
Well, it's a risk if you run spamd and let users call it at all imo.
That's why user defined rules are disabled by default and the docs warn
of large security issues if you do enable them.
--
Randomly Generated Tagline:
Ah, sweet pity: where would my love life have been without it?
-- Homer Simpson
I Love Lisa
pgpPZ5egRtLrW.pgp
Description: PGP signature
