[Pkg-dspam-misc] Bug#394443: dspam doesn't work when run as non-privileged users
Jörg Sommer
joerg at alea.gnuu.de
Mon Apr 14 17:15:39 UTC 2008
Hello,
Martin Steigerwald wrote on Sat 21. Oct, 12:04 (+0200):
> Package: dspam
> Version: 3.6.8-4
Version 3.6.8-8
> Severity: important
>
> Instead of compiling my own dspam I decided to use the latest debian
> package.
>
> First I fixed lots of permissions problems: Although dspam executable
> is set gid like this
>
> deepdance:~> ls -l /usr/bin/dspam
> -rwxr-sr-x 1 dspam dspam 92196 2006-10-19 22:54 /usr/bin/dspam
>
> It can't read /etc/dspam/dspam.config unless I do chmod a+r on it.
>
> brk(0) = 0x805f000
> brk(0x8080000) = 0x8080000
> umask(06) = 022
> open("/etc/dspam/dspam.conf", O_RDONLY) = -1 EACCES (Permission denied)
No, this is a problem of strace, or rather a security feature. strace uses
debugging stuff to examine processes, and a process that is examined with
debugging stuff drops all its privileges. You can't examine suid and
sgid processes with strace (and ltrace).
> It also cannot write to /var/spool/dspam unless I do chmod a+rwx on it.
Same reason.
> I did dspam_stats -H martin and fixed permissions again.
This is a bug in the package. dspam_stats must get the sgid bit, too.
> Then I also created missing directories
>
> mkdir -p /var/spool/dspam/opt-in/local/martin.dspam
> chmod -R a+rwx /var/spool/dspam/opt-in/
> mkdir -p /var/spool/dspam/opt-out/local/martin.dspam
> chmod -R a+rwx /var/spool/dspam/opt-out/
For me it was enough to change owner and group of these directories to
dspam:dspam, but I had to create them.
> Then I even copied a prefs file to fix the last error in strace:
> cp -a /etc/dspam/default.prefs /var/spool/dspam/data/local/martin/martin.prefs
That wasn't necessary for me.
Bye, Jörg.
--
Denouncing stupidity is harmless, because nobody feels attacked.
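
A way to check the permissions discussed in this thread without tracing the setgid binary, added here as an example (not code from the thread or from the dspam package). The function names `class_bits`, `check_sgid_access` and `world_writable` are hypothetical, GNU `stat` is assumed, and ownership by the calling user, supplementary groups and ACLs are ignored.

```shell
#!/bin/sh
# Added example: check statically (no strace, so the setgid bit stays in
# effect for real runs) whether the group a setgid binary runs as has
# access to a path. Assumes GNU stat; ignores ownership by the caller,
# supplementary groups and ACLs.

# class_bits GID PATH -> rwx digit (0-7) that applies to a process with
# effective gid GID that does not own PATH.
class_bits() {
    fgid=$(stat -c '%g' "$2") || return 2
    mode=$(stat -c '%a' "$2") || return 2
    if [ "$fgid" = "$1" ]; then
        echo $(( (0$mode >> 3) & 7 ))   # group class; "other" bits are not consulted
    else
        echo $(( 0$mode & 7 ))          # "other" class
    fi
}

# check_sgid_access BINARY PATH NEED -> prints ok, denied or no-sgid.
# NEED is an rwx digit: 4 = read, 6 = read/write, 7 = full access to a directory.
check_sgid_access() {
    [ -g "$1" ] || { echo "no-sgid"; return 1; }
    gid=$(stat -c '%g' "$1") || return 2
    bits=$(class_bits "$gid" "$2") || return 2
    if [ $(( bits & $3 )) -eq "$3" ]; then
        echo "ok"
    else
        echo "denied"; return 1
    fi
}

# world_writable PATH -> succeeds if the "other" write bit is set, the state
# that a chmod a+rwx leaves behind.
world_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 2 )) -ne 0 ]
}

# Usage with the paths from the thread:
#   sh sgid_check.sh /usr/bin/dspam /etc/dspam/dspam.conf 4
if [ "$#" -eq 3 ]; then
    check_sgid_access "$@"
fi
```

When a trace is really needed, strace run as root with its `-u username` option executes the command with that user's IDs and lets setuid and setgid binaries work as they would normally.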