Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 May 2004 14:33:21 +0200 (CEST)
From:      rob@debank.tv
To:        "Oliver Eikemeier" <eikemeier@fillmore-labs.com>
Cc:        ports-committers@freebsd.org
Subject:   Re: cvs commit: ports/security/clamav-devel [...] pkg-install [...]
Message-ID:  <58221.193.79.18.58.1085488401.squirrel@debank.tv>
In-Reply-To: <40B32D9B.7060109@fillmore-labs.com>
References:  <200405242302.i4ON2NcJ063759@repoman.freebsd.org>          <ygehdu4ubgm.wl%ume@FreeBSD.org>       <52001.193.79.18.58.1085477488.squirrel@debank.tv>       <40B3167F.8060509@fillmore-labs.com>    <50813.193.79.18.58.1085479430.squirrel@debank.tv>    <40B31D4A.5080607@fillmore-labs.com> <61184.193.79.18.58.1085480636.squirrel@debank.tv> <40B32D9B.7060109@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
> rob@debank.tv wrote:
>
>>>rob@debank.tv wrote:
>>
>>
>> --8<----
>> snipped
>> --8<----
>>
>>
>>>>>I still don't get the purpose of not allowing non-root processes
>>>>>to use clamav. This would break my exim installation, fortunately
>>>>>I'm using security/clamav, where this change hasn't been made.
>>>>>
>>>>>-Oliver
>>>>
>>>>Isn't there a security risk allowing every user to read the clamd
>>>> socket
>>>>?
>>>>(that's why I made this change).
>>>
>>>None that I would be aware of. Of course local users could run a
>>>denial-of-service
>>>attack using clamdscan, but I don't think this is an adequate counter
>>>measure.
>>>
>>>What made you think that having every user being able to read the clamd
>>>socket is a security risk?
>>>
>>>-Oliver
>>
>> Doesn't the scanned e-mail pass through the socket allowing every user
>> to
>> read all scanned e-mails ?
>
> No, that would be a really badly designed system. What made you think that
> this might be the case?
>
> -Oliver
>

I think I picked this up from google somewhere, but I guess I have to read
'UNIX network programming' ;-)
I'll submit a problem report which undo's the chmod, thanks for helping out !

Rob Evers

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58221.193.79.18.58.1085488401.squirrel>