http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365

------- Additional Comments From [EMAIL PROTECTED]  2007-03-20 20:47 -------
I seem to have successfully "fixed the glitch" by replacing 
handle_setuid_to_user() as follows:

sub handle_setuid_to_user {
  if ($spamtest->{paranoid}) {
    die("spamd: in paranoid mode, still running as root: closing connection");
  }
  warn("spamd: still running as root: user not specified with -u, "
       . "not found, or set to root, falling back to nobody" );

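  # Look up the unprivileged fallback account.
  my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
      getpwnam('nobody');
  # de-taint: re-assign each id from a digits-only capture
  $uid =~ /^(\d+)$/ and $uid = $1;    # de-taint
  $gid =~ /^(\d+)$/ and $gid = $1;    # de-taint

  # The first number assigned to $) becomes the effective GID; the rest
  # is passed to setgroups(), so only the nobody group remains.
  $) = "$gid $gid";                   # eGID
  $> = $uid;                          # eUID
  # Confirm the switch took effect; the second comparison allows for a
  # large uid that reads back as a negative 32-bit value.
  if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
    die("spamd: setuid to nobody failed");
  }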
  $spamtest->signal_user_changed(
    {
      username => $name,
      user_dir => $dir
    }
  );
}


