[Pkg-clamav-devel] Bug#636877: Bug#636877: /etc/default/clamav-milter no longer used
Scott Kitterman
debian at kitterman.com
Fri Mar 14 19:08:41 UTC 2014
On Friday, March 14, 2014 08:52:03 Sebastian Andrzej Siewior wrote:
> On 2014-03-13 19:37:22 [-0400], Scott Kitterman wrote:
> > Does it drop privileges itself somehow? Given clamav's security history
> > and what it does, I don't think running as root is a good idea.
> Yes it does but only if you specify "User" in clamav-milter.conf. I could
> alter it to refuse to start if it remains as root.
In principle, we could check during configure if a User was specified in the
.conf (and set it if it wasn't). That would be, I believe, a sane transition
from starting as user to starting as root and letting the milter itself drop
privs.
I don't think it should refuse to start as root. If the user actively works
at shooting themselves in the foot, then it isn't our job to stop them. We
mostly need to find a sane default.
Please (probably via bugzilla) see if you can get an upstream review of the
patch. Failing that, sgran could likely do it, but there'll be some latency
there since he's very busy with other stuff.
Scott K
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20140314/8f51a476/attachment.sig>
More information about the Pkg-clamav-devel
mailing list