From: Oliver Eikemeier
Organization: Fillmore Labs GmbH - http://www.fillmore-labs.com/
Date: Tue, 25 May 2004 13:27:23 +0200
To: rob@debank.tv
Cc: cvs-ports@freebsd.org, Pav Lucistnik, Hajimu UMEMOTO, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/clamav-devel [...] pkg-install [...]
Message-ID: <40B32D9B.7060109@fillmore-labs.com>
In-Reply-To: <61184.193.79.18.58.1085480636.squirrel@debank.tv>
List-Id: CVS commit messages for the ports tree

rob@debank.tv wrote:

>>rob@debank.tv wrote:
>
> --8<----
> snipped
> --8<----
>
>>>>I still don't get the purpose of not allowing non-root processes
>>>>to use clamav. This would break my exim installation, fortunately
>>>>I'm using security/clamav, where this change hasn't been made.
>>>>
>>>>-Oliver
>>>
>>>Isn't there a security risk allowing every user to read the clamd socket?
>>>(that's why I made this change).
>>
>>None that I would be aware of. Of course local users could run a
>>denial-of-service attack using clamdscan, but I don't think this is an
>>adequate countermeasure.
>>
>>What made you think that having every user being able to read the clamd
>>socket is a security risk?
>>
>>-Oliver
>
> Doesn't the scanned e-mail pass through the socket allowing every user to
> read all scanned e-mails?

No, that would be a really badly designed system. What made you think that
this might be the case?

-Oliver
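
The question in this thread turns on what access to a Unix stream socket file grants. The following is an added example, not part of the original messages and not clamd code: a toy scanner daemon (the names `handle`, `serve`, `demo`, the `TESTSIG` marker and the socket filename are all hypothetical) listening on a world-accessible socket, with two clients connected at once. It shows general Unix stream socket behaviour: permissions on the socket file decide who may connect, and each accepted connection is a separate channel.

```python
import os
import socket
import tempfile
import threading

MARKER = b"TESTSIG"  # constructed stand-in for a malware signature

def handle(conn):
    # The verdict goes back on the same accepted connection, nowhere else.
    with conn:
        data = conn.recv(4096)
        conn.sendall(b"FOUND" if MARKER in data else b"OK")

def serve(listener, n_clients):
    workers = []
    for _ in range(n_clients):
        conn, _ = listener.accept()  # a separate channel per client
        workers.append(threading.Thread(target=handle, args=(conn,)))
        workers[-1].start()
    for worker in workers:
        worker.join()

def demo():
    path = os.path.join(tempfile.mkdtemp(), "toy-scanner.sock")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)
    os.chmod(path, 0o666)  # world-accessible: any local user may connect
    listener.listen(2)
    server = threading.Thread(target=serve, args=(listener, 2))
    server.start()
    mailer = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    other = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    mailer.connect(path)
    other.connect(path)
    mailer.sendall(b"Subject: constructed\n\nprivate body " + MARKER)
    mailer_reply = mailer.recv(4096)
    other.settimeout(0.5)
    try:
        seen_by_other = other.recv(4096)  # would hold the mail if it leaked
    except socket.timeout:
        seen_by_other = None  # nothing from the mailer's connection arrived
    other.settimeout(5)
    other.sendall(b"hello")
    other_reply = other.recv(4096)
    mailer.close()
    other.close()
    server.join()
    listener.close()
    os.unlink(path)
    return mailer_reply, seen_by_other, other_reply

if __name__ == "__main__":
    print(demo())
```

The second client receives only the verdict for its own request; what remains for a local user with connect access is the ability to submit scan requests of their own, which is the denial-of-service concern raised in the thread.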