Brian Morrison wrote:
> Dennis Peterson wrote:
>
>>> Yes, I realise that. I run clamd under user clamav, hence it's probably
>>> easier to access /var/lib/clamav/* than it would be if owned by root.
>>>
>> Why would that be? It is no more work to crack the root account than any
>> other account. Nor any less. Hopefully too your clamav account has no
>> shell defined.
>>
>
> Indeed not.
>
> A local exploit is one thing, a local root exploit quite another. Now of
> course it's more dangerous to run clamav as root, but for limiting write
> access to the databases it would be better to have ownership as root.
> Might not be worth it on balance, but I'm merely asking to see what the
> developers' thought processes were rather than saying for sure what
> would be better path to follow.
>

We're talking about accessing a different account. That being the root one or a daemon one shouldn't make a difference. Perhaps you will trick user bin into visiting a malicious website?

The only scenario I can think of where it makes a difference would be if you had that part of the directory tree exported on NFS. You could have similar problems with other remote access tools which by default block root access, but most won't allow you without a shell. And you shouldn't rely on the defaults without at least studying the config anyway.

However, if you know where it makes a difference, please share.