Bug#280282: exim4-daemon-heavy: files in /var/spool/exim4/scan are mode 666
Roderick Schertler
Roderick Schertler <roderick@argon.org>, 280282@bugs.debian.org
Mon, 08 Nov 2004 10:02:34 -0500
Package: exim4-daemon-heavy
Version: 4.34-6
Severity: normal
The files in /var/spool/exim4/scan are created with mode 666. I don't
know what the right mode should be (660, perhaps), but I'm sure they
shouldn't be world-writable.
Here's what they look like while scanning is going on:
Mon Nov 8 09:41:37 EST 2004
uid=106(Debian-exim) gid=106(Debian-exim) groups=106(Debian-exim)
total 16
drwxr-s--- 2 Debian-exim clamav 4096 2004-11-08 09:41 .
drwxr-s--- 3 Debian-exim clamav 4096 2004-11-08 09:41 ..
-rw-rw-rw- 1 Debian-exim clamav 5 2004-11-08 09:41 1CRAi8-0005xU-TS-00000.com
-rw-rw-rw- 1 Debian-exim clamav 469 2004-11-08 09:41 1CRAi8-0005xU-TS.eml
-rw-rw-rw- 1 Debian-exim clamav 0 2004-11-08 09:41 1CRAi8-0005xU-TS_scanner_output
I used this to generate the above:
av_scanner = cmdline:/bin/sh -c '(dir=%s; umask 77; date; id; ls -la $dir; cp -r $dir /tmp) >>/tmp/t.scanner 2>&1':\
none such:'(.+)'
-- Package-specific info:
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (700, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.24-mother.3
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages exim4-daemon-heavy depends on:
ii exim4-base 4.34-6 EXperimental Internal Mailer -- a
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libdb3 3.2.9-20 Berkeley v3 Database Libraries [ru
ii libgnutls11 1.0.16-9 GNU TLS library - runtime library
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libmysqlclient10 3.23.56-2 LGPL-licensed client library for M
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii libperl5.8 5.8.4-3 Shared Perl library
ii libpq3 7.4.6-2 Shared library libpq.so.3 for Post
-- no debconf information
--
Roderick Schertler
roderick@argon.org