> > Kevin Spicer wrote:
> > > On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote:
> > >
> > >>Just noticed that scanning files with clamdscan does not scan
> > >>files that are not world readable.
> > >
> > > Perhaps it would be better if clamd could implement some kind of
> > > privilege separation, so that a minimal process running as root
> > > reads the files, but an unprivileged process could actually do all
> > > the processing?
> > >
> > Good point.
>
> Please remember that clamd is a multithreaded application and
> such a separation is not possible because it will affect the
> main thread. A simpler (but slower) solution is to implement
> a workaround in clamdscan - verify if clamd is able to scan a
> file and, if it isn't, send it to a socket (STREAM) or (even
> better) create a copy with proper permissions in /tmp and pass
> it to clamd.
And an unprivileged user could have access to root files. This is unthinkable. If there's a bug in the main thread, anyone could access any files.
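Added example, not part of the original thread and not ClamAV's own code: a sketch of the client-side fallback discussed above, where the scanning client (running as the invoking user) reads a file the daemon cannot open and sends its bytes over the socket, so clamd itself never needs extra privilege. It assumes clamd's current `INSTREAM` command in place of the older `STREAM` named in the thread; the function names and the caller-supplied daemon uid/gids are hypothetical.

```python
import os
import stat
import struct

CHUNK = 8192  # constructed chunk size for this example


def daemon_can_read(path, daemon_uid, daemon_gids):
    """Approximate the Unix mode-bit check for the clamd account.

    Only the file's own owner/group/other read bits are examined;
    ACLs, root's override and directory traversal rights are ignored.
    """
    st = os.stat(path)
    if st.st_uid == daemon_uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in daemon_gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def instream_frames(fileobj, chunk=CHUNK):
    """Yield the byte frames of one INSTREAM request.

    Each chunk is a 4-byte big-endian length followed by the data;
    a zero-length chunk terminates the stream.
    """
    yield b"zINSTREAM\0"
    while True:
        data = fileobj.read(chunk)
        if not data:
            break
        yield struct.pack("!I", len(data)) + data
    yield struct.pack("!I", 0)


def plan_scan(path, daemon_uid, daemon_gids):
    """Return ("path", request) if clamd can open the file itself,
    otherwise ("stream", request) with the content read by the caller."""
    if daemon_can_read(path, daemon_uid, daemon_gids):
        return "path", b"zSCAN " + os.fsencode(os.path.abspath(path)) + b"\0"
    # The open() below runs with the caller's own rights, so a user can
    # only ever stream files that user could already read.
    with open(path, "rb") as f:
        return "stream", b"".join(instream_frames(f))
```

The returned bytes are what the client would write to the clamd socket; the daemon's reply and its configured stream size limit are outside this sketch.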