Spamd children starting as root?

Ernie Dunbar 13 Oct 2004 22:20:22 -0000

I'm running Spamassassin v3.0.0 on FreeBSD 4.9-RELEASE, and I run spamd like 
this:


/usr/local/bin/spamd -A 127.0.0.1 -L -x -u spamc -d -m 10

When I use `ps aux |grep spamd` I get this:

spamc      61970  0.5  3.9 21292 20032  ??  Is    3:04PM   0:00.47
/usr/local/bin/spamd -A 127.0.0.1 -L -x -u spam
spamc      61971  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61972  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61973  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61974  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61975  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61976  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61977  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61978  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61979  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)
spamc      61980  0.0  3.9 21292 20032  ??  I     3:04PM   0:00.00 spamd child 
(perl)

Then a little while later I try again and get this:

spamc      61970  0.0  3.9 21292 20032  ??  Is    3:04PM   0:00.47
/usr/local/bin/spamd -A 127.0.0.1 -L -x -u spam
root       61971  0.0  4.0 21760 20500  ??  S     3:04PM   0:00.10 spamd child 
(perl)
root       61972  0.0  3.9 21488 20200  ??  S     3:04PM   0:00.06 spamd child 
(perl)
root       61973  0.3  3.9 21536 20224  ??  S     3:04PM   0:00.06 spamd child 
(perl)
root       61974  0.0  3.9 21492 20188  ??  S     3:04PM   0:00.05 spamd child 
(perl)
spamc      61975  0.0  3.9 21292 20032  ??  S     3:04PM   0:00.00 spamd child 
(perl)
spamc      61976  0.0  3.9 21292 20032  ??  S     3:04PM   0:00.00 spamd child 
(perl)
spamc      61977  0.0  3.9 21292 20032  ??  S     3:04PM   0:00.00 spamd child 
(perl)
spamc      61978  0.0  3.9 21292 20032  ??  S     3:04PM   0:00.00 spamd child 
(perl)
spamc      61979  0.0  3.9 21292 20032  ??  S     3:04PM   0:00.00 spamd child 
(perl)
spamc      61980  0.0  3.9 21292 20032  ??  S     3:04PM   0:00.00 spamd child 
(perl)

Gradually, as spamd processes are renewed, they start to run as root. And when 
they
do that, they start overwriting the Bayes databases with ownership as root.
Naturally, when the parent process tries to access this database, it can't.

Isn't this a security risk? Why does this happen? What can I do to make it stop?

Spamd children starting as root?

Reply via email to