Package: spampd
Version: 2.30-16
Severity: normal

I installed spampd the other day just to see that it tried to access
some files in my user directory. After spending some time looking for
the reason and then asking formorer for a hint we found that the server
process still had my user environment set despite running as user
spampd. It used my environment because I started it using sudo.
Further tests revealed that it works on root's environment if started by
root.

This causes some functionality to fail, e.g. pyzor and razor. Also it
loses uncritical data with Bayes and auto-whitelisting failing too.

Finally the seemingly simple solution of fixing the permissions of
root's .spamassassin directory creates some serious security concerns.

Some similar bug was reported a longer time ago and to fix it a config
option was included. However, this option is disabled by default,
which doesn't really help.

IMO the bug should be fixed and not worked around anyway.

Formorer already developed a patch that I'm testing since last night. It
seems to me that it fixes the problem completely. So expect a patch
submitted here pretty soon.

Michael

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.20-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages spampd depends on:
ii  adduser                       3.102      Add and remove users and groups
ii  dpkg                          1.13.25    package maintenance system for Deb
pn  libnet-server-perl            <none>     (no description available)
ii  lsb-base                      3.1-23.1   Linux Standard Base 3.1 init scrip
ii  perl                          5.8.8-7    Larry Wall's Practical Extraction 
pn  spamassassin                  <none>     (no description available)

spampd recommends no packages.
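
Added example, not part of the original report or of spampd: a Python check that compares a daemon's inherited environment (the format of /proc/<pid>/environ) with the account it actually runs as, which is the mismatch described above. The UID 110, the home directories and the sample environment are constructed assumptions; note that /proc/<pid>/environ shows the environment as it was at exec time.

```python
import pwd

def parse_environ(raw):
    """Parse the NUL-separated KEY=VALUE block found in /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def effective_uid(status_text):
    """Return the effective UID from /proc/<pid>/status ("Uid: real eff saved fs")."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[2])
    raise ValueError("no Uid: line in status")

def audit(raw_environ, status_text, lookup=None):
    """List environment entries that do not belong to the account the process runs as."""
    lookup = lookup or (lambda uid: (pwd.getpwuid(uid).pw_name, pwd.getpwuid(uid).pw_dir))
    env = parse_environ(raw_environ)
    name, home = lookup(effective_uid(status_text))
    findings = []
    if env.get("HOME") != home:
        findings.append(f"HOME={env.get('HOME')!r}, expected {home!r} for {name}")
    for var in ("USER", "LOGNAME"):
        if var in env and env[var] != name:
            findings.append(f"{var}={env[var]!r}, process runs as {name}")
    if "SUDO_USER" in env:
        findings.append(f"started through sudo by {env['SUDO_USER']!r}")
    return findings

def audit_pid(pid):
    """Audit a live process (reading another user's environ requires root)."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        raw = f.read()
    with open(f"/proc/{pid}/status") as f:
        return audit(raw, f.read())

# Constructed sample: a daemon running as UID 110 that kept the invoking user's environment.
SAMPLE_ENVIRON = b"HOME=/home/michael\0USER=root\0LOGNAME=root\0SUDO_USER=michael\0PATH=/usr/sbin:/usr/bin\0"
SAMPLE_STATUS = "Name:\tspampd\nUid:\t110\t110\t110\t110\nGid:\t110\t110\t110\t110\n"
SAMPLE_ACCOUNTS = {110: ("spampd", "/var/lib/spampd")}  # assumed account name and home

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENVIRON, SAMPLE_STATUS, SAMPLE_ACCOUNTS.get):
        print(finding)
```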

