Daniel Kahn Gillmor wrote:
> On June 21, [EMAIL PROTECTED] said:
>
> > Daniel Kahn Gillmor wrote:
> >
> > > 0) jonz seemed unconvinced [1] that dropping privileges in the way i
> > > suggested would be sufficiently secure to avoid exploitation
> > > (though i confess i didn't understand his argument)
> >
> > Do you have a pointer to his explanation? And yours?
>
> there wasn't as much in-depth discussion about the technical merit of
> the patch as i would have liked. What there was was on dspam-dev,
> which should be visible through gmane here (i tried to provide these
> links in the previous e-mail, but they may not have come through):
>
> http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e
> http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e

Thank you, I've read the discussion. Jonz is talking about remote code
execution, but if you are dropping privileges, and you are, then I don't
see a security problem. So I'm wondering where he sees the security
problem...

> afaik, the earliest request for this feature was on dspam-users:
>
> http://dspam.nuclearelephant.com/dspam-users/2736.html
>
> > The source of dspam is released under the GPLv2, so it won't give a
> > problem to apply a patch that is offered under the GPL.
>
> That's my understanding as well.
>
> > I like your patch and your proposal, and would like to see this in
> > Debian, but doesn't this interfere with the patch
> > add-config-dir.dpatch?
>
> i don't think they interfere with each other. Both patches apply
> cleanly together (allow-alternate-config.dpatch goes at the end of
> d/p/00list), and they have orthogonal functionality:
>
> - add-config-dir allows you to "Include" other directories from your
>   config file, wherever it is located.

Ah fine, I could have known that myself.

> - allow-alternate-config allows a dspam user to specify an entirely
>   different config file (which may itself use "Include" directives,
>   thanks to add-config-dir) instead of the default one.
>
> > And is there a possibility to write some documentation around it
> > (in NEWS.Debian or README.Debian, for example)?
>
> I'd be happy to. Something short and sweet would be good to encourage
> folks to actually read it :) I'm not sure whether it warrants an entry
> in NEWS, but i'll defer to more experienced packagers on that. How
> about:
>
> ---------------------------
>
> As of version $(insert version here), debian's dspam packages allow
> the user to select an alternate configuration file at runtime, which
> should be indicated by name through the DSPAM_CONF environment
> variable. This is useful for (among other things) running multiple
> parallel daemons or individual users setting up their own classifier
> instances. For example (in bash):
>
>   $ DSPAM_CONF=~/my-classifier/dspam.conf dspam_stats testerX
>
> For security reasons, use of an alternate config file will cause any
> setuid binary to drop privileges. Therefore, any use of dspam which
> relies on the setuid nature of the binary (e.g. updating the host's
> centralized data store as a non-privileged user) *must not* use an
> alternate config file (i.e. make sure that DSPAM_CONF is unset).
>
> ---------------------------
>
> meh. still too long, i think. i welcome edits.

Let me think about it; I don't have a direct edit for you.

> Regards,
>
> --dkg

Regards,

Matthijs Mohlmann
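The rule in dkg's proposed NEWS text (an alternate config file named in DSPAM_CONF makes a setuid binary drop privileges before the file is read), written out as an added C example that is not dspam's own code or the patch from the thread. It goes a step beyond the text by doing the drop in the safe order (groups and gid before uid) and confirming the drop cannot be undone; the default path /etc/dspam/dspam.conf and all function names are assumptions.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>

/* Assumed default location; the packaged path may differ. */
#define DEFAULT_CONF "/etc/dspam/dspam.conf"

/* An alternate config is requested when DSPAM_CONF is set and non-empty. */
int is_alternate(const char *env_value) {
    return env_value != NULL && env_value[0] != '\0';
}

const char *select_config(const char *env_value) {
    return is_alternate(env_value) ? env_value : DEFAULT_CONF;
}

/* Permanently drop to the real uid/gid. Returns 0 on success, -1 on failure.
 * Order matters: supplementary groups and gid first (they need the privileged
 * euid), then uid; finally confirm the saved uid cannot restore privileges. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (geteuid() == ruid && getegid() == rgid)
        return 0;                       /* not running setuid/setgid */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1;                      /* drop was not permanent */
    return 0;
}

/* Policy from the thread: an alternate config is only read once setuid
 * privileges are gone. Returns 0 on success, -1 if the drop failed. */
int prepare_config(const char *env_value) {
    if (is_alternate(env_value) && drop_privileges() != 0)
        return -1;
    return 0;
}

int main(void) {
    const char *env = getenv("DSPAM_CONF");
    if (prepare_config(env) != 0) {
        perror("privilege drop failed; refusing alternate config");
        return 1;
    }
    printf("config: %s (euid %u)\n", select_config(env), (unsigned)geteuid());
    return 0;
}
```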