From: Mark M. <Mar...@ij...> - 2004-04-14 13:50:36
Adam,
| FWIW I'd argue that running everything as one user comes with its own
| set of security problems. For example I like that `clamav' is in group
| `amavis' because it produces a one-way trust relationship from the
| former to the latter while it doesn't allow amavis the ability to write
| to the ClamAV virus patterns database.
I agree. Patch accepted, thanks.
| !(StatBuf.st_mode & (S_IRWXU|S_IRGRP|S_IXGRP)))
Shouldn't this be:
(StatBuf.st_mode & ~(S_IRWXU|S_IRGRP|S_IXGRP)) )
| - if ((priv->mlfi_fp = fopen(priv->mlfi_fname, "w+")) == NULL) {
| + if ((priv->mlfi_fp = fopen(priv->mlfi_fname, "w+")) == NULL
| + || fchmod(fileno(priv->mlfi_fp), S_IRUSR|S_IWUSR|S_IRGRP) == -1) {
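Review bot: in the added `|| fchmod(...) == -1` clause, a failing fchmod enters the error branch with priv->mlfi_fp already open and the file already created, so that branch has to fclose the stream and unlink priv->mlfi_fname, which a branch written only for fopen returning NULL may not do. The file also exists with its umask-derived mode between the fopen and the fchmod; creating it with open(..., O_CREAT|O_EXCL, S_IRUSR|S_IWUSR|S_IRGRP) followed by fdopen sets the mode at creation and removes that window.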
The umask should have taken care of this, or perhaps:
if ((priv->mlfi_fp = fopen(priv->mlfi_fname, "w+",
S_IRUSR|S_IWUSR|S_IRGRP)) == NULL) {
Mark
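An added example, not part of the original message or the project's code: it compares the two mode tests discussed above on sample modes and creates a file with its final mode set at creation time. The function names, the `/tmp` path and the `07777` mask (needed because `st_mode` also carries file-type bits) are assumptions of this example.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700  /* mkdtemp, fdopen, fileno, S_IFDIR */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define ALLOWED (S_IRWXU | S_IRGRP | S_IXGRP)  /* 0750, the mask in the thread */

/* Test as quoted: true only when none of the 0750 bits is set. */
static int quoted_check(mode_t m) { return !(m & ALLOWED); }
/* Test as suggested in the reply, limited to permission bits (assumption:
 * st_mode also holds file-type bits such as S_IFDIR, which must be masked). */
static int extra_bits(mode_t m) { return (m & 07777 & ~ALLOWED) != 0; }

/* Create path as 0640 from the start; O_EXCL refuses existing files and
 * symlinks. umask can only clear bits from the requested mode. */
static FILE *create_private(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR | S_IRGRP);
    FILE *fp = (fd == -1) ? NULL : fdopen(fd, "w+");
    if (fd != -1 && fp == NULL) { close(fd); unlink(path); }
    return fp;
}

/* Hypothetical demo helper: returns the created file's permission bits, or -1. */
static int demo_created_mode(void)
{
    char dir[] = "/tmp/mlfi-demo-XXXXXX", path[64];
    struct stat sb;
    int mode = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/msg", dir);
    FILE *fp = create_private(path);
    if (fp != NULL) {
        if (fstat(fileno(fp), &sb) == 0) mode = (int)(sb.st_mode & 07777);
        fclose(fp);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("0777: quoted=%d extra=%d; created mode %o\n", quoted_check(S_IFDIR | 0777),
           extra_bits(S_IFDIR | 0777), (unsigned)demo_created_mode());
    return 0;
}
```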