From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Sep 17 06:48:31 2014 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5A6A257C for ; Wed, 17 Sep 2014 06:48:31 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 41742E7B for ; Wed, 17 Sep 2014 06:48:31 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id s8H6mVMc079596 for ; Wed, 17 Sep 2014 06:48:31 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 115957] Questionable ownership and security on mail/dspam Date: Wed, 17 Sep 2014 06:48:31 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports Tree X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: danny@dannywarren.com X-Bugzilla-Status: In Discussion X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Sep 2014 06:48:31 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=115957 danny@dannywarren.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |danny@dannywarren.com --- Comment #5 from danny@dannywarren.com --- Reviewing as per bug #193693, I propose we postpone this bug until after merging mail/dspam-devel in to mail/dspam. This is definitely still relevant and is important to fix for security reasons. I tried to go back through the commit history and find where it was changed to get some sort of backstory on why, but I must not have gone back far enough. There is some interesting semi-related stuff in bug #191797 applied to mail/dspam-devel, so we need to make sure that stuff survives the mail/dspam merge. Once the mail/dspam merge is done, we can try and figure out exactly *why* the default permissions are set this way. Someone must have been bumped up against something that failed when run as an unpriv'd user, right? We should also probably discuss what the most appropriate user/group would be. Do we create a new dspam/dspam? Do we use the sorta-standard vmail/vmail? -- You are receiving this mail because: You are the assignee for the bug.