cvs commit: ports/security/clamav-devel [...] pkg-install [...]
rob at debank.tv
rob at debank.tv
Tue May 25 05:33:48 PDT 2004
> rob at debank.tv wrote:
>
>>>rob at debank.tv wrote:
>>
>>
>> --8<----
>> snipped
>> --8<----
>>
>>
>>>>>I still don't get the purpose of not allowing non-root processes
>>>>>to use clamav. This would break my exim installation, fortunately
>>>>>I'm using security/clamav, where this change hasn't been made.
>>>>>
>>>>>-Oliver
>>>>
>>>>Isn't there a security risk allowing every user to read the clamd
>>>> socket
>>>>?
>>>>(that's why I made this change).
>>>
>>>None that I would be aware of. Of course local users could run a
>>>denial-of-service
>>>attack using clamdscan, but I don't think this is an adequate counter
>>>measure.
>>>
>>>What made you think that having every user being able to read the clamd
>>>socket is a security risk?
>>>
>>>-Oliver
>>
>> Doesn't the scanned e-mail pass through the socket allowing every user
>> to
>> read all scanned e-mails ?
>
> No, that would be a really badly designed system. What made you think that
> this might be the case?
>
> -Oliver
>
I think I picked this up from google somewhere, but I guess I have to read
'UNIX network programming' ;-)
I'll submit a problem report which undo's the chmod, thanks for helping out !
Rob Evers
More information about the cvs-ports
mailing list