Re: [maildropl] Re: maildrop/mysql, signal 0x0B (only with postfix)
Brought to you by:
mrsam
From: Tony E. <to...@bi...> - 2004-05-22 14:57:18
|
l=F8r, 22.05.2004 kl. 13.39 skrev Joris mak: [...] > Sooo... changed the owner of the maildrop binary to root, and set the += s > flag. Everything works fine now. >=20 > But setting setsuid, is that the correct thing todo? Maildrop - 1.6.3 w/LDAP support and called by dspam 2.10.6 out of Postfix 2.1 - has only ever worked properly for me with perms 6755 - suid/sgid. Same with dspam. As long as maildrop/dspam run on dedicated systems with no user shell access or vulnerable, network-accessible daemons, suid/sgid can't IMHO do much harm, but vulnerable daemons (proved buffer overflow, ASN.1 or other vulnerabilities such as user shell-access) would make suid/sgid questionable. I'd welcome any security expert's views on this. --Tonni --=20 We make out of the quarrel with others rhetoric but out of the quarrel with ourselves, poetry. mail: to...@bi... http://www.billy.demon.nl |