Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.
Matthijs Mohlmann
matthijs at cacholong.nl
Wed Jun 21 19:13:57 UTC 2006
Daniel Kahn Gillmor wrote:
> On June 21, matthijs at cacholong.nl said:
>
> > Daniel Kahn Gillmor wrote:
> > > > >
> > > > > 0) jonz seemed unconvinced [1] that dropping privileges in the way i
> > > > > suggested would be sufficiently secure to avoid exploitation
> > > > > (though i confess i didn't understand his argument)
> > > > >
> > Do you have a pointer to his explanation ? And yours ?
>
> there wasn't as much in-depth discussion about the technical merit of
> the patch as i would have liked. What there was was on dspam-dev,
> which should be visible through gmane here (i tried to provide these
> links in the previous e-mail, but they may not have come through):
>
> http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e
> http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e
>
Thank you, I've read the discussion. Jonz is talking about remote code
execution, but if you are dropping privileges, and you are, then I don't
see a security problem. So I'm wondering where he sees the security
problem...

> afaik, the earliest request for this feature was on dspam-users:
>
> http://dspam.nuclearelephant.com/dspam-users/2736.html
>
> > The source of dspam is released under the GPLv2, so it won't give a
> > problem to apply a patch that is offered under the GPL.
>
> That's my understanding as well.
>
> > I like your patch and your proposal, and would like to see this in
> > Debian, but doesn't this interfere with the patch:
> > add-config-dir.dpatch ?
>
> i don't think they interfere with each other. Both patches apply
> cleanly together (allow-alternate-config.dpatch goes at the end of
> d/p/00list), and they have orthogonal functionality:
>
> - add-config-dir allows you to "Include" other directories from your
> config file, wherever it is located.
>
Ah fine, I could have known that myself.

> - allow-alternate-config allows a dspam user to specify an entirely
> different config file (which may itself use "Include" directives,
> thanks to add-config-dir) instead of the default one.
>
> > And is there a possibility to write some documentation around it
> > (in NEWS.Debian or README.Debian for example)?
>
> I'd be happy to. Something short and sweet would be good to encourage
> folks to actually read it :) I'm not sure whether it warrants an entry
> in NEWS, but i'll defer to more experienced packagers on that. How
> about:
>
> ---------------------------
>
> As of version $(insert version here), debian's dspam packages allow
> the user to select an alternate configuration file at runtime, which
> should be indicated by name through the DSPAM_CONF environment
> variable. This is useful for (among other things) running multiple
> parallel daemons or individual users setting up their own classifier
> instances. For example (in bash):
>
> $ DSPAM_CONF=~/my-classifier/dspam.conf dspam_stats testerX
>
> For security reasons, use of an alternate config file will cause any
> setuid binary to drop privileges. Therefore, any use of dspam which
> relies on the setuid nature of the binary (e.g. updating the host's
> centralized data store as a non-privileged user) *must not* use an
> alternate config file (i.e. make sure that DSPAM_CONF is unset).
>
> ---------------------------
>
> meh. still too long, i think. i welcome edits.
>
Let me think about it, I don't have a direct edit for you.

> Regards,
>
> --dkg
>
Regards,
Matthijs Mohlmann
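The behaviour described in the proposed README text above (DSPAM_CONF selects an alternate config file, and a setuid binary drops privileges when it is used), sketched in C as an added example; it is not the allow-alternate-config patch or dspam's own code. The default path placeholder, the function names and the treatment of an empty DSPAM_CONF as unset are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Placeholder: the page does not give the packaged default path. */
#define DEFAULT_CONF "/PLACEHOLDER/default/dspam.conf"

/* Pick the config file. An empty DSPAM_CONF is treated as unset (assumption). */
static const char *select_config(int *alternate) {
    const char *env = getenv("DSPAM_CONF");
    *alternate = (env != NULL && env[0] != '\0');
    return *alternate ? env : DEFAULT_CONF;
}

/* Permanently give up setuid/setgid privileges; 0 on success, -1 on failure. */
static int drop_privileges(void) {
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: once the uid is dropped we may lack the right to do it.
     * Setting real and effective ids together also resets the saved ids,
     * so the old effective ids cannot be restored later. */
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Verify the drop is irreversible. Skipped when the caller is root,
     * since root may switch ids freely and the probe would prove nothing. */
    if (ruid != 0) {
        if (euid != ruid && seteuid(euid) == 0) return -1;
        if (egid != rgid && setegid(egid) == 0) return -1;
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Returns the path to load, or NULL if an alternate config was requested
 * but privileges could not be dropped (fail closed, before the file is read). */
static const char *config_for_run(void) {
    int alternate;
    const char *path = select_config(&alternate);
    if (alternate && drop_privileges() != 0) return NULL;
    return path;
}

int main(void) {
    const char *path = config_for_run();
    if (path == NULL) { fprintf(stderr, "refusing to run: privilege drop failed\n"); return 1; }
    printf("config=%s uid=%d euid=%d\n", path, (int)getuid(), (int)geteuid());
    return 0;
}
```

Supplementary groups are left alone here because a setuid binary started by an ordinary user already carries only that user's groups.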