[linux-elitists] AOL says goodbye to AT&T/Comcast and residential mail spools
Sun Apr 13 21:14:28 PDT 2003
On Sun, 2003-04-13 at 21:39, Andrew wrote:
> > Are you using the daemon mode, or per-message invocation? Last time I
> > looked (a couple of months ago) the daemon mode was far too insecure
> > to consider, though that may have improved now.
> Daemon mode, although I was (am) not aware of any glaring insecurities...
> The machine has nobody but administrators logging on, which may be why I
> wasn't worried about local exploits.
There are not that I know of (though 2.60 certainly cleans up the
spamc/spamd communications a bit, and that might have been due to some
concerns about the protocol interaction). spamc is written in C, so it
does present the possibility of buffer overflows. The good thing is that
spamc is *very* simple. It doesn't really think about your mail, just
opens a socket and pumps it it, then reads it back. The rest is error
The "insecurities" that folks usually cite are those pointed out in the
man-pages. Essentially, you cannot let your users write rules that get
evaluated in daemon mode without providing them the chance to write
rules that do more than just check mail.
SA's solution? Users can't write rules while SA is running in daemon
mode, which is fine because security is the least of your worries if
users are writing rules on the fly (what if one of your users writes a
rule that requires massive amounts of backtracking?)
You can turn this feature off, in which case SA allows any user to get
access to the user account that spamd runs under. I don't do this on my
machine, but if you do, I suggest running spamd in a chroot environment,
and of course, never running it as root (duh).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030414/779056b8/attachment.pgp
More information about the linux-elitists