Dennis Peterson wrote:
>> Yes, I realise that. I run clamd under user clamav, hence it's probably
>> easier to access /var/lib/clamav/* than it would be if owned by root.
>
> Why would that be? It is no more work to crack the root account than any
> other account. Nor any less. Hopefully too your clamav account has no
> shell defined.

Indeed not. A local exploit is one thing, a local root exploit quite another. Now of course it's more dangerous to run clamav as root, but for limiting write access to the databases it would be better to have ownership as root. Might not be worth it on balance, but I'm merely asking to see what the developers' thought processes were rather than saying for sure what would be the better path to follow.

--
Brian