Date: Wed, 17 Sep 2014 06:48:31 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 115957] Questionable ownership and security on mail/dspam Message-ID: <bug-115957-13-RokaRmKd8f@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-115957-13@https.bugs.freebsd.org/bugzilla/> References: <bug-115957-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=115957 danny@dannywarren.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |danny@dannywarren.com --- Comment #5 from danny@dannywarren.com --- Reviewing as per bug #193693, I propose we postpone this bug until after merging mail/dspam-devel in to mail/dspam. This is definitely still relevant and is important to fix for security reasons. I tried to go back through the commit history and find where it was changed to get some sort of backstory on why, but I must not have gone back far enough. There is some interesting semi-related stuff in bug #191797 applied to mail/dspam-devel, so we need to make sure that stuff survives the mail/dspam merge. Once the mail/dspam merge is done, we can try and figure out exactly *why* the default permissions are set this way. Someone must have been bumped up against something that failed when run as an unpriv'd user, right? We should also probably discuss what the most appropriate user/group would be. Do we create a new dspam/dspam? Do we use the sorta-standard vmail/vmail? -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-115957-13-RokaRmKd8f>