On Fri, 28 May 2004 09:11:09 +0200 Thomas Lamy <[EMAIL PROTECTED]> wrote:
> Kevin Spicer wrote: > > On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote: > > > >>Just noticed that scanning files with clamdscan does not scan > >>filesthat are not world readable. > > > > > > Perhaps it would be better if clamd could implement some kind of > > privilege separation, so that a minimal process running as root > > reads the files, but an unpriviledged process could actually do all > > the processing? > > > Good point. Please remember that clamd is a multithreaded application and such a separation is not possible because it will affect the main thread. A simpler (but slower) solution is to implement a workaround in clamdscan - verify if clamd is able to scan a file and if it isn't send it to a socket (STREAM) or (even better) create a copy with proper permissions in /tmp and pass it to clamd. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sat May 29 13:18:18 CEST 2004
pgpKaugZyuyJk.pgp
Description: PGP signature
