> Why do we need to authenticate the user of spamc at all? Are we
> worried about a remote user running spamc on their box and forging mail
> through ours? A local user forging something through our box?
I think this was mentioned in an earlier thread, but as I understand it,
the worry is that
On Thu, 14 Nov 2002, Michael Stenner wrote:
> On Thu, Nov 14, 2002 at 10:41:27AM -0800, Bart Schaefer wrote:
> > Nope. Spamc specifically MUST NOT be a setuid executable. Rather, at
> > run time it must be able to execute the setuid() [or seteuid()] system
> > call, which means it must be runnin
Theo,
Theo Van Dinter wrote:
On Wed, Oct 30, 2002 at 02:16:28PM -0500, Michael Stenner wrote:
1) use ident: spamc connects, spamd asks ident if spamc is who it
says it is, then proceeds.
BAD: This is slowish (although probably not compared to the
spam-checking itself).
yes
Michael Stenner said:
> I hope this helps. I want to reiterate: Most people probably aren't
> interested in this ability. In our case, we want user configs, user
> AWL, and to allow users to invoke spamc directly. That means that
> without some sort of authentication, they can do bad things to
On Thu, Nov 14, 2002 at 10:41:27AM -0800, Bart Schaefer wrote:
> Nope. Spamc specifically MUST NOT be a setuid executable. Rather, at
> run time it must be able to execute the setuid() [or seteuid()] system
> call, which means it must be running as root (which it is, if started
> from /etc/procma
On Thu, 14 Nov 2002, Michael Stenner wrote:
> On Thu, Nov 14, 2002 at 08:19:56AM -0800, Bart Schaefer wrote:
> > (1) Require the existence of a special pseudo-user to which spamc must
> > setuid before it will pass the -u username to spamd. (-U option?)
> >
> > (2) Have spamc read a password fro
On Thu, Nov 14, 2002 at 12:04:00PM -0600, Michael Weber wrote:
> Um... Am I missing something here?
>
> I have spamc and spamd running on the same box. Spamd only listens to
> 127.0.0.1.
>
> Why do we need to authenticate the user of spamc at all?
You may not need to. Many people do not. If
On Thu, Nov 14, 2002 at 01:03:59PM -0500, Theo Van Dinter wrote:
> On Thu, Nov 14, 2002 at 12:47:03PM -0500, Michael Stenner wrote:
> > (My favorite method is still the UNIX sockets, but that will take more
> > work and I'm still looking into it.)
>
> Well, an issue with all of this of course is t
Um... Am I missing something here?
I have spamc and spamd running on the same box. Spamd only listens to
127.0.0.1.
Why do we need to authenticate the user of spamc at all? Are we
worried about a remote user running spamc on their box and forging mail
through ours? A local user forging someth
On Thu, Nov 14, 2002 at 12:47:03PM -0500, Michael Stenner wrote:
> (My favorite method is still the UNIX sockets, but that will take more
> work and I'm still looking into it.)
Well, an issue with all of this of course is that SpamAssassin can
run on platforms other than 'UNIX'. So if we're going
On Thu, Nov 14, 2002 at 08:19:56AM -0800, Bart Schaefer wrote:
> On Thu, 14 Nov 2002, Theo Van Dinter wrote:
>
> > I still don't see the purpose of authentication in spamd. Unless you
> > enable user rules, the only things I can think of that could happen
> > maliciously is tainting the AWL and g
On Wed, 30 Oct 2002, Michael Stenner wrote:
> This is all great, but we're a little concerned about the fact that a
> modified spamc can be used to do mildly nasty things to other people
> by telling spamd it's someone else.
On Thu, 14 Nov 2002, Theo Van Dinter wrote:
> I still don't see the pur
On Thu, Nov 14, 2002 at 10:03:49AM -0500, Theo Van Dinter wrote:
> On Wed, Oct 30, 2002 at 02:16:28PM -0500, Michael Stenner wrote:
> > 1) use ident: spamc connects, spamd asks ident if spamc is who it
> > says it is, then proceeds.
> >
> > BAD: This is slowish (although probably no
On Wed, Oct 30, 2002 at 02:16:28PM -0500, Michael Stenner wrote:
> 1) use ident: spamc connects, spamd asks ident if spamc is who it
> says it is, then proceeds.
>
> BAD: This is slowish (although probably not compared to the
> spam-checking itself).
>
> BAD: Not por
I sent this to spamassassin-devel a moment ago, then realized it's
probably fair-game to spamassassin-talk, too. Here you go:
---
We're considering implementing spamd/spamc in a fairly normal way:
spamd runs as root to maintain full