On Thu, 2016-12-22 at 17:15 +0000, KLEINDIENST Eric wrote: > # ll > /var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/Compile > dRegexps -a > total 16 > drwxrwxrwx 4 debian-spamd debian-spamd 4096 déc. 21 16:26 . > drwxrwxrwx 3 debian-spamd debian-spamd 4096 déc. 21 16:26 .. > drwxrwxrwx 2 debian-spamd debian-spamd 4096 déc. 21 16:26 body_0 > drwxrwxrwx 2 debian-spamd debian-spamd 4096 déc. 21 16:26 body_500
That's awfully insecure. That means anyone can write there (and provide some code to execute to spamassassin). Please fix that, you don't especially need root-owned directory, but you sure don't want permissions that wide. I especially would advise against making those dirs writable by the user running the spamassassin daemon. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part

