On June 21, [EMAIL PROTECTED] said:

 > Daniel Kahn Gillmor wrote:
 > >  > > 
 > >  > >  0) jonz seemed unconvinced [1] that dropping privileges in the way i
 > >  > >     suggested would be sufficiently secure to avoid exploitation
 > >  > >     (though i confess i didn't understand his argument)
 > >  > > 
 > Do you have a pointer to his explanation? And yours?

there wasn't as much in-depth discussion about the technical merit of
the patch as i would have liked.  What there was was on dspam-dev,
which should be visible through gmane here (i tried to provide these
links in the previous e-mail, but they may not have come through):

 http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e
 http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e

afaik, the earliest request for this feature was on dspam-users:

 http://dspam.nuclearelephant.com/dspam-users/2736.html

 > The source of dspam is released under the GPLv2, so it won't give a 
 > problem to apply a patch that is offered under the GPL.

That's my understanding as well. 

 > I like your patch and your proposal, and would like to see this in
 > Debian, but doesn't this interfere with the patch:
 > add-config-dir.dpatch ?

i don't think they interfere with each other.  Both patches apply
cleanly together (allow-alternate-config.dpatch goes at the end of
d/p/00list), and they have orthogonal functionality:

 - add-config-dir allows you to "Include" other directories from your
   config file, wherever it is located.

 - allow-alternate-config allows a dspam user to specify an entirely
   different config file (which may itself use "Include" directives,
   thanks to add-config-dir) instead of the default one.

 > And is there a possibility to write some documentation around it
 > (in NEWS.Debian or README.Debian, for example)?

I'd be happy to.  Something short and sweet would be good to encourage
folks to actually read it :) I'm not sure whether it warrants an entry
in NEWS, but i'll defer to more experienced packagers on that.  How
about:

---------------------------

As of version $(insert version here), Debian's dspam packages allow
the user to select an alternate configuration file at runtime, which
should be indicated by name through the DSPAM_CONF environment
variable.  This is useful for (among other things) running multiple
parallel daemons or individual users setting up their own classifier
instances.  For example (in bash):

 $ DSPAM_CONF=~/my-classifier/dspam.conf dspam_stats testerX

For security reasons, use of an alternate config file will cause any
setuid binary to drop privileges.  Therefore, any use of dspam which
relies on the setuid nature of the binary (e.g. updating the host's
centralized data store as a non-privileged user) *must not* use an
alternate config file (i.e. make sure that DSPAM_CONF is unset).

---------------------------

meh.  still too long, i think.  i welcome edits.

Regards,

        --dkg
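The README text above states the rule (an alternate config file selected via DSPAM_CONF makes a setuid binary drop privileges) but not what a correct drop looks like, which is the part the dspam-dev thread argued about. The following is an added example written for this page, not dkg's patch and not dspam's own code: it reads DSPAM_CONF, and when an alternate file is requested it drops to the real uid/gid permanently, verifies the drop, and only then reports the path that should be opened. Ordering matters for the security property: the config file must be opened after the drop, so that a user cannot point DSPAM_CONF at a file only the privileged account can read, and the drop itself must be verified, since a failed setuid() that is ignored leaves the binary privileged. The default path /etc/dspam/dspam.conf and the function names are assumptions for the example.

```c
/* Added example (not from dkg's patch or dspam): pick the config file named by
 * DSPAM_CONF and, if the process is setuid/setgid, drop to the real ids first. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed default location; the real package path may differ. */
#define DEFAULT_CONF "/etc/dspam/dspam.conf"

/* 1 if the effective ids differ from the real ids, i.e. we were started setuid/setgid. */
int is_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Permanently drop to the real uid/gid and verify that the drop took.
 * Returns 0 on success, -1 on failure (the caller must abort, not carry on). */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Supplementary groups can only be changed by root; clear them while we still can. */
    if (geteuid() == 0 && setgroups(1, &rgid) != 0)
        return -1;

    /* Group first: once the effective uid is unprivileged, setgid would be refused. */
#if defined(__linux__)
    /* setres*id sets real, effective and saved ids, leaving no saved id to return to. */
    if (setresgid(rgid, rgid, rgid) != 0 || setresuid(ruid, ruid, ruid) != 0)
        return -1;
#else
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
#endif

    /* Verify: ids are what we asked for and, unless the real user is root,
     * privilege cannot be regained (setuid(0) must now fail). */
    if (getegid() != rgid || geteuid() != ruid)
        return -1;
    if (ruid != 0 && setuid(0) != -1)
        return -1;
    return 0;
}

/* An alternate file is requested only when DSPAM_CONF is set and non-empty. */
static int alternate_requested(const char *conf_env)
{
    return conf_env != NULL && conf_env[0] != '\0';
}

/* Path the program should load: DSPAM_CONF if requested, else the default. */
const char *config_path(const char *conf_env)
{
    return alternate_requested(conf_env) ? conf_env : DEFAULT_CONF;
}

/* Returns 0 when the default file is to be used, 1 when an alternate file was
 * requested and privileges were dropped, -1 when the drop failed. The drop
 * happens before any file is opened, so the alternate file is read with the
 * invoking user's own rights, never the setuid account's. */
int select_config(const char *conf_env)
{
    if (!alternate_requested(conf_env))
        return 0;
    if (drop_privileges() != 0)
        return -1;
    return 1;
}

int main(void)
{
    const char *env = getenv("DSPAM_CONF");
    int rc = select_config(env);
    if (rc < 0) {
        fprintf(stderr, "cannot drop privileges: %s\n", strerror(errno));
        return 1;
    }
    printf("config: %s (%s, euid=%u)\n", config_path(env),
           rc ? "alternate, privileges dropped" : "default", (unsigned)geteuid());
    return 0;
}
```

Run it plain and it reports the default file with whatever ids it started with; run it with DSPAM_CONF set, as in the README example above, and it drops first and then reports the alternate path. Install it setuid to a test account to see the real-versus-effective id check in action: the euid printed after an alternate request is always the caller's own.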
