Re: Bayes filter marking everything as ham

Wed, 01 Jun 2016 22:20:03 -0700 

On Wed, 1 Jun 2016, Peter Carlson wrote:
su -c... I'll keep in mind if I ever want to run the script manually. Although if I run it manually as root is there really a risk? Are there any known attacks? 

If they were known, we'd fix them... :)


I guess there could be some form of buffer overflow, or malformed 
content that causes SA to crash, but it's hard for me to imagine 
anything that could possible allow execution of some form of injected 
code.


You never know.


Or is this really just a case of "general best practices", "run as little as 
possible as root"?  (Please dont read anything into my questions, I am truly 
curious)



Yes. It's generally a bad idea to take the risk of processing data (or 
running programs) received from unknown sources as root. Best practice is 
to avoid doing so.



Peter

On 06/01/2016 09:11 PM, Reindl Harald wrote:


 Am 02.06.2016 um 05:06 schrieb Peter Carlson:
>  ok, after over 50 hours of trying to get this work, I finally have a
>  solution.
>  The first (certainly not the only) response that was helpful to the
>  specific problem I posted was:

> 
> >  If that actually *did* get hits on BAYES_00 in this scenario then you

> >  likely are not training the bayes database than SA is actually using.

> >  What user are you training Bayes as, and what user is SA running 
> >  under?

>  Both my sa-learn commands (manual and scripted) as well as SA pointed to
>  the correct db, however it turns out the training I did re-wrote the
>  ownership of the db files to root.  A little bit of user permission
>  adminning and that problem was solved.  sigh, way too many hours lost on
>  a permissions issue

 in other words you are running sa-learn as root while it faces by
 definition untrusted content from the web in case of spammails

 su -c "command" - username






--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  You know things are bad when Pravda says we [the USA] have gone
  too far to the left.                                 -- Joe Huffman
-----------------------------------------------------------------------
 5 days until the 72nd anniversary of D-Day























					Reply via email to