cvs commit: ports/security/clamav-devel [...] pkg-install [...]
rob at debank.tv
rob at debank.tv
Tue May 25 03:24:03 PDT 2004
> rob at debank.tv wrote:
--8<----
snipped
--8<----
>>>I still don't get the purpose of not allowing non-root processes
>>>to use clamav. This would break my exim installation, fortunately
>>>I'm using security/clamav, where this change hasn't been made.
>>>
>>>-Oliver
>>
>> Isn't there a security risk allowing every user to read the clamd socket
>> ?
>> (that's why I made this change).
>
> None that I would be aware of. Of course local users could run a
> denial-of-service
> attack using clamdscan, but I don't think this is an adequate counter
> measure.
>
> What made you think that having every user being able to read the clamd
> socket is a security risk?
>
> -Oliver
>
Doesn't the scanned e-mail pass through the socket allowing every user to
read all scanned e-mails ?
(I could be very wrong here)
Rob
More information about the cvs-ports
mailing list