cvs commit: ports/security/clamav-devel [...] pkg-install [...]
eikemeier at fillmore-labs.com
Tue May 25 04:27:32 PDT 2004
rob at debank.tv wrote:
>>rob at debank.tv wrote:
>>>>I still don't get the purpose of not allowing non-root processes
>>>>to use clamav. This would break my exim installation, fortunately
>>>>I'm using security/clamav, where this change hasn't been made.
>>>Isn't there a security risk allowing every user to read the clamd socket
>>>(that's why I made this change).
>>None that I would be aware of. Of course local users could run a
>>attack using clamdscan, but I don't think this is an adequate counter
>>What made you think that having every user being able to read the clamd
>>socket is a security risk?
> Doesn't the scanned e-mail pass through the socket allowing every user to
> read all scanned e-mails ?
No, that would be a really badly designed system. What made you think that
this might be the case?
More information about the cvs-ports