On Thu, 14 Nov 2002, Michael Stenner wrote:

> On Thu, Nov 14, 2002 at 08:19:56AM -0800, Bart Schaefer wrote:
> > (1) Require the existence of a special pseudo-user to which spamc must
> > setuid before it will pass the -u username to spamd.  (-U option?)
> > 
> > (2) Have spamc read a password from a file whose permissions must be set
> > such that only that uid can read it.  That password is sent along with the
> > username, and must match a password in another file readable only by the
> > user under which spamd starts (before setuid), e.g. root.
> 
> As I understand it, your proposed method includes:
>   * having spamc be installed setuid and owned by this other user

Nope.  Spamc specifically MUST NOT be a setuid executable.  Rather, at
run time it must be able to execute the setuid() [or seteuid()] system
call, which means it must be running as root (which it is, if started
from /etc/procmailrc).  If it can't setuid(), it ignores the -u option
and does not send a password to spamd.  In other respects it works just
as it does now.

>   * having a plaintext password on disk, readable only by this other
>     user

Yes.

> This way, spamc authenticates the user (because it knows who it's
> invoked by) and then spamd authenticates spamc (because only the
> system-wide setuid spamc could read the password).

Almost; spamc authenticates the user either by knowing who it's invoked
by (the case where setuid() fails) or by trusting root to pass it the
correct -u option (the case where setuid() succeeds).

The point is that this is only required if you want allow_user_rules 1.

On Thu, 14 Nov 2002, Michael Weber wrote:

> Why do we need to authenticate the user of spamc at all?  Are we
> worried about a remote user running spamc on their box and forging mail
> through ours?  A local user forging something through our box?

The issue is that, if allow_user_rules is 1, spamd can execute arbitrary
perl code.  That means that malicious user X could run "spamc -u Y" and
execute commands as Y.

If you aren't worried about malicious users, you don't need this.
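
Added example, not part of the original post and not SpamAssassin code: a C sketch of the password-file check from proposal (2), in which the client trusts the secret only if the file is a regular file owned by the pseudo-user's uid with no group or other access. The name `load_secret`, the idea of passing the path as an argument, and the use of the first line as the password are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: load the shared secret only if `path` is a regular
 * file owned by `owner` with no group/other permission bits set.
 * Returns the secret length, or -1 if the file must not be trusted. */
ssize_t load_secret(const char *path, uid_t owner, char *buf, size_t buflen)
{
    struct stat st;
    ssize_t n;
    int fd;

    if (buflen < 2)
        return -1;
    /* O_NOFOLLOW: refuse a symlink planted at the expected path. */
    fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor that will be read, not the path, so the file
     * cannot be swapped between the check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & 077) != 0) {
        close(fd);
        return -1;
    }
    n = read(fd, buf, buflen - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    n = (ssize_t)strcspn(buf, "\r\n");   /* keep only the first line */
    buf[n] = '\0';
    return n > 0 ? n : -1;
}

int main(int argc, char **argv)
{
    char secret[128];
    /* The path comes from the caller; the thread does not name one. */
    if (argc != 2 || load_secret(argv[1], geteuid(), secret, sizeof secret) < 0)
        return 1;   /* untrusted or missing file: send no password */
    return 0;
}
```

A failed check is treated the same way the post treats a failed setuid(): no password is sent.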


