From owner-cvs-ports@FreeBSD.ORG Tue May 25 05:33:48 2004
Message-ID: <58221.193.79.18.58.1085488401.squirrel@debank.tv>
In-Reply-To: <40B32D9B.7060109@fillmore-labs.com>
Date: Tue, 25 May 2004 14:33:21 +0200 (CEST)
From: rob@debank.tv
To: "Oliver Eikemeier"
Cc: rob@debank.tv, cvs-ports@freebsd.org, Pav Lucistnik, Hajimu UMEMOTO, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/clamav-devel [...] pkg-install [...]

> rob@debank.tv wrote:
>
>>> rob@debank.tv wrote:
>>
>> --8<----
>> snipped
>> --8<----
>>
>>>>> I still don't get the purpose of not allowing non-root processes
>>>>> to use clamav. This would break my exim installation, fortunately
>>>>> I'm using security/clamav, where this change hasn't been made.
>>>>>
>>>>> -Oliver
>>>>
>>>> Isn't there a security risk allowing every user to read the clamd
>>>> socket?
>>>> (that's why I made this change).
>>>
>>> None that I would be aware of. Of course local users could run a
>>> denial-of-service attack using clamdscan, but I don't think this is
>>> an adequate countermeasure.
>>>
>>> What made you think that having every user being able to read the clamd
>>> socket is a security risk?
>>>
>>> -Oliver
>>
>> Doesn't the scanned e-mail pass through the socket allowing every user
>> to read all scanned e-mails?
>
> No, that would be a really badly designed system. What made you think that
> this might be the case?
>
> -Oliver

I think I picked this up from Google somewhere, but I guess I have to read
'UNIX network programming' ;-)

I'll submit a problem report which undoes the chmod, thanks for helping out!

Rob Evers
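
The question settled in this thread, as an added example that is not part of the original messages or of clamav: on a Unix-domain stream socket each `accept()` gives the daemon a private connection per client, so a second local client of the same socket file receives none of the first client's data. The daemon here is a stand-in, and the socket path, client names, sample message and verdict string are all constructed assumptions.

```python
import os
import socket
import tempfile

# Constructed sample input standing in for a message submitted for scanning.
MAIL = b"Subject: payroll\r\n\r\nconstructed sample message body\r\n"


def quiet(sock):
    """Return bytes readable on sock right now, or b"" if nothing has arrived."""
    sock.settimeout(0.2)
    try:
        return sock.recv(4096)
    except socket.timeout:
        return b""


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "scand.sock")  # hypothetical socket path
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(2)

        # Two local users connect to the same world-accessible socket file.
        alice = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        alice.connect(path)
        bob = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        bob.connect(path)

        # accept() returns one connected socket per client, in arrival order.
        conn_alice, _ = srv.accept()
        conn_bob, _ = srv.accept()

        alice.sendall(MAIL)
        received = conn_alice.recv(4096)
        conn_alice.sendall(b"stream: OK\n")  # stand-in verdict, sent to alice only

        result = {
            "daemon_got": received,
            "alice_got": alice.recv(4096),
            "other_client_got": quiet(bob),            # bob sees nothing
            "daemon_side_of_other_got": quiet(conn_bob),  # nor does his connection
        }
        for s in (alice, bob, conn_alice, conn_bob, srv):
            s.close()
        return result


if __name__ == "__main__":
    print(demo())
```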