[Pkg-dspam-misc] Bug#488924: dspam-webfrontend: Web frontend totally unusable due to SuExec minimal UID change from 100 to 1000
Adrien CLERC
adrien at antipoul.fr
Wed Jul 2 06:07:21 UTC 2008
Package: dspam-webfrontend
Version: 3.6.8-8
Severity: grave
Justification: renders package unusable
Hi !
I've just upgraded apache2, and the suexec wrapper has now its own
packages : apache2-suexec for a non configurable one, and
apache2-suexec-custom for a configurable version. The config file only
contains root dir and user dir for the suexec wrapper.
The important thing is in the NEWS file of the suexec package :
"Also, the minimum userid that suexec is allowed to change to is now set
"to 1000 (from 100), to disallow system users."
Great, but the only way I've found to use the dspam web ui is to run it
with the suexec module as the dspam user, and it has the 102 id number.
I really don't know if I have to report it to the dspam or apache2
package... But feel free to reaffect it to the team of your choice :)
Have a nice day !
Adrien Clerc
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dspam-webfrontend depends on:
ii dspam 3.6.8-8 is a scalable, fast and
statistica
ii libgd-gd2-noxpm-perl 1:2.35-1+b1 Perl module wrapper for
libgd - gd
ii libgd-graph3d-perl 0.63-3 Create 3D Graphs with GD
and GD::G
dspam-webfrontend recommends no packages.
-- no debconf information
More information about the Pkg-dspam-misc
mailing list