Bug 3046 - spamd forces unix domain sockets to spamd user owned, mode 0666
Summary: spamd forces unix domain sockets to spamd user owned, mode 0666
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd
Version: 2.63
Hardware: Sun Linux
Importance: P3 enhancement
Target Milestone: 3.0.0
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 3208
Reported: 2004-02-14 11:49 UTC by Marc Horowitz
Modified: 2004-05-05 14:00 UTC
Attachment: "this patch implements the enhancement request" (type: patch), submitted by Marc Horowitz [NoCLA]

Description Marc Horowitz 2004-02-14 11:49:33 UTC
The README.spamd (on my debian box) points out all the caveats of
running spamd as root if users can connect to it.  However, there's
99% of a reasonable mechanism to solve this problem already in place.
spamd and spamc can use a unix domain socket.  If I were to make the
socket owned by a particular user (cyrus is convenient for me) and
mode 600, I could run spamd as root, run spamc with the -u flag as
user cyrus (from postfix, in my setup), and have reasonable security
guarantees.

However, when spamd starts up, it unlinks the existing unix domain
socket, creates a new one as the spamd user, and then chmods it to
666!  I think it would be very useful in a future version of spamd to
have new flags to set the socket owner and mode (I propose
--socketowner, --socketgroup, and --socketmode).  In fact, I've
appended a patch which implements this.
Comment 1 Marc Horowitz 2004-02-14 11:51:46 UTC
Created attachment 1776
this patch implements the enhancement request
Comment 2 Malte S. Stretz 2004-02-18 11:19:16 UTC
Taking bug. 
Comment 3 Justin Mason 2004-02-28 13:45:48 UTC
btw why not just put the socket in a mode 0700 directory?
Comment 4 Marc Horowitz 2004-02-28 13:56:59 UTC
Good question.  I suppose that would be sufficient, but it's a little more
convenient this way (I don't need to maintain a local hack to
init.d/spamassassin to create the directory if it doesn't exist).  I could get
around this by putting the socket in a directory outside of /var/run, but
/var/run is the obvious place to put this.
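Added example, not part of the bug report or of SpamAssassin's own code: a Python sketch of the socket handling the description asks for (a unix domain socket created with a restricted mode and, optionally, a chosen owner and group, instead of the 0666 spamd applied) combined with the alternative Justin raises in comment 3 (putting the socket inside a 0700 directory). The function names, the `owner`/`group` parameters standing in for the proposed --socketowner/--socketgroup switches, and the temporary directory used by `demo()` are all constructed for this example.

```python
import grp
import os
import pwd
import socket
import stat
import tempfile


def bind_unix_socket(path, mode=0o600, owner=None, group=None):
    """Create a listening AF_UNIX socket at `path` with a restricted mode.

    `owner` and `group` are user/group names (hypothetical equivalents of the
    proposed --socketowner/--socketgroup switches); they are applied only when
    given, because chown on a node you do not own requires root.
    """
    # Replace a stale socket left by a previous run, but refuse to unlink
    # anything at that path that is not a socket (symlink, regular file).
    try:
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    except FileNotFoundError:
        pass

    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # bind() creates the socket node with mode 0777 & ~umask, so tightening
    # the umask first leaves no window in which the node is world-writable.
    old_umask = os.umask(0o777 & ~mode)
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)  # explicit chmod as a belt-and-braces step
    if owner is not None or group is not None:
        uid = pwd.getpwnam(owner).pw_uid if owner is not None else -1
        gid = grp.getgrnam(group).gr_gid if group is not None else -1
        os.chown(path, uid, gid)
    sock.listen(5)
    return sock


def socket_mode(path):
    """Permission bits of the socket node, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Both approaches at once, under a constructed temporary directory:
    a 0700 parent directory (comment 3) holding a 0600 socket (description).
    Returns (directory mode, socket mode)."""
    base = tempfile.mkdtemp()
    run_dir = os.path.join(base, "run")
    os.mkdir(run_dir, 0o700)
    os.chmod(run_dir, 0o700)  # mkdir's mode argument is also masked by umask
    sock_path = os.path.join(run_dir, "spamd.sock")
    sock = bind_unix_socket(sock_path, mode=0o600)
    try:
        return (stat.S_IMODE(os.stat(run_dir).st_mode), socket_mode(sock_path))
    finally:
        sock.close()
        os.unlink(sock_path)
        os.rmdir(run_dir)
        os.rmdir(base)


if __name__ == "__main__":
    print("directory %o, socket %o" % demo())
```

The umask step matters more than the final chmod: a daemon that binds first and chmods afterwards exposes the socket at 0666 for a short interval, and the chmod only repairs what the umask should have prevented. With a 0600 socket, a client such as spamc run as the socket's owner can connect while every other local user is refused by the kernel, which is the guarantee the description is after.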
Comment 5 Daniel Quinlan 2004-04-28 15:03:38 UTC
assigning back to -dev
Comment 6 Justin Mason 2004-05-05 22:00:33 UTC
ok, just checked in a version of this.  didn't use the patch, but I did use the
same switch names ;)