cvs commit: ports/security/clamav-devel [...] pkg-install [...]
Oliver Eikemeier
eikemeier at fillmore-labs.com
Tue May 25 04:27:32 PDT 2004
rob at debank.tv wrote:
>>rob at debank.tv wrote:
>
>
> --8<----
> snipped
> --8<----
>
>
>>>>I still don't get the purpose of not allowing non-root processes
>>>>to use clamav. This would break my exim installation, fortunately
>>>>I'm using security/clamav, where this change hasn't been made.
>>>>
>>>>-Oliver
>>>
>>>Isn't there a security risk allowing every user to read the clamd socket
>>>?
>>>(that's why I made this change).
>>
>>None that I would be aware of. Of course local users could run a
>>denial-of-service
>>attack using clamdscan, but I don't think this is an adequate counter
>>measure.
>>
>>What made you think that having every user being able to read the clamd
>>socket is a security risk?
>>
>>-Oliver
>
> Doesn't the scanned e-mail pass through the socket allowing every user to
> read all scanned e-mails ?
No, that would be a really badly designed system. What made you think that
this might be the case?
-Oliver
More information about the cvs-ports
mailing list