[wplug] SpamAssassin -- user_prefs security hole?
Brandon Kuczenski
brandon at 301south.net
Wed May 26 13:55:41 EDT 2004
> >>I see. That is potent indeed. Is there a way to make spamd not run as
> >>root?
> >>
> > You could start it as a different user, but the problem would be similar.
> > Users could run arbitrary perl as the user that is running spamd.
>
....
>
> Running spamd as a special user (create a spamd user, for example) is
> a good idea ... as long as you ensure that the spamd user doesn't have
> access to anything dangerous. You could even place various resource
> limits on the spamd user to keep the process under control. It's true
> that any rules could run as user spamd ... just make sure that the
> user spamd can't do anything dangerous!
<newbie>So.... how do I make a program run as a certain user? At this
point I am starting spamd using Redhat's standard /etc/init.d/blarg
scripting paradigm (whoah, I think I actually used that word correctly!).
Also, you mention resource limits... I haven't learned about those yet...
Can you point me to a handy reference?
-Brandon
</newbie?>
More information about the wplug
mailing list