On Thu, 2016-12-22 at 17:15 +0000, KLEINDIENST Eric wrote:
> # ll
> /var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/Compile
> dRegexps -a
> total 16
> drwxrwxrwx 4 debian-spamd debian-spamd 4096 déc.  21 16:26 .
> drwxrwxrwx 3 debian-spamd debian-spamd 4096 déc.  21 16:26 ..
> drwxrwxrwx 2 debian-spamd         debian-spamd 4096 déc.  21 16:26 body_0
> drwxrwxrwx 2 debian-spamd         debian-spamd 4096 déc.  21 16:26 body_500

That's awfully insecure. That means anyone can write there (and provide some
code to execute to spamassassin). Please fix that, you don't especially need
root-owned directory, but you sure don't want permissions that wide. I
especially would advise against making those dirs writable by the user running
the spamassassin daemon.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to