Hanno Hecker wrote:

Just one thought: I'm using the clamav plugin to scan mails, but changed
it to use the faster clamdscan instead of clamscan. That required two
changes:
- put the clamav daemon user in the smtpd group.
- add a 'chmod 0640, $filename;' in plugins/virus/clamav before
  executing clamdscan.

Hmmm, allowing another app to tread in our private space... ;-)


What would happen if the patch looked like

+ # Make sure the spool dir has appropriate rights
+ if (-e $spool_dir) {
+ my ($mode,$gid) = (stat($spool_dir))[2,5];
+ die "Permissions on spool_dir $spool_dir are not 0750" if $mode &
07027; + die "Group of spool_dir $spool_dir is not $)" unless ( $gid ==
$) );
+ }
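Review bot: the two die messages in this hunk do not say what is actually being tested. `$mode & 07027` rejects any permission bit outside 0750, so a 0700 or 0710 directory passes while the message claims it "is not 0750"; and `$)` interpolated into a string expands to the effective gid followed by the whole supplementary-group list, so the group message prints something like "is not 1000 1000 4 24" instead of one number. The numeric compare `$gid == $)` only works because Perl numifies the leading field; use `$) + 0` for both the compare and the message, and print the observed `$gid` and `$mode` (in octal) so the admin sees the real values. Also `-e $spool_dir` is true for a regular file or a symlink and `stat` follows the link, so `-d` plus `lstat`, or an `S_ISDIR` check on the mode, would refuse a symlinked spool directory instead of checking whatever it points at.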


hmm... $) and $( are both "$qgid $qgid" ... but it works anyway

No, the smiley version $) is _effective_ GID whereas the frowny version $( is _real_ GID. I think this only matters on OSes where the security model supports setting a different GID for a specific task (Solaris???).


I suppose we could allow a slightly wider umask for existing spool directories, but the behavior in the default case (creation) should always be minimal.


[...snip...] +sub temp_dir { + my $self = shift; + my $dirname = $self->temp_file(); + -d $dirname or mkdir($dirname, 0750) + or die "Could not create temporary directory $dirname: $!"; + return $dirname; +}
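Review bot: `-d $dirname or mkdir($dirname, 0750)` adopts any directory that already exists at that name, whatever its owner or mode, so the 0750 only governs the creation path and a directory planted there beforehand is used as-is; either always mkdir and treat EEXIST as a failure, or stat the existing directory and apply the same mode and group check proposed for spool_dir. Note also that the mode passed to mkdir is filtered through the process umask, so with umask 077 the directory ends up 0700 and a scanner placed in the smtpd group still cannot read it; a chmod after mkdir gives the exact mode the caller asked for.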

...and let the admin be responsible for just putting the right
(virus scanner) users into the smtpd group.

I'd be much more likely to parameterize that sub call (pass in the mask). No reason to poison everyone's well just because you want to violate the privacy of our temporary files. ;-)


John

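The checks discussed in this thread, worked through as an added example. This is not qpsmtpd code and not the patch under discussion; the sub names (check_spool_dir, temp_dir, effective_gid) and the directory layout are assumptions made for illustration. It shows the numeric reading of $), the file-type bits stripped before masking, a symlink refused via lstat, mkdir with the mode reapplied after the umask, and the mask passed in by the caller so the 0750 default stays minimal while a scanner in the smtpd group can be granted 0770 explicitly.

```perl
#!/usr/bin/perl
# Added example (not qpsmtpd's code): verify an existing spool directory's
# mode and group, and create per-message temp directories with a caller-
# supplied mode. Sub names and the $base/$name layout are illustrative.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Effective GID as a number. In string context $) is "egid gid1 gid2 ...",
# so compare and print the numeric value rather than interpolating $).
sub effective_gid { return $) + 0 }

# Die unless $dir is a real directory (not a symlink), owned by our effective
# UID and GID, with no permission bits outside $allowed (default 0750).
# Anything narrower than $allowed, such as 0700, passes.
sub check_spool_dir {
    my ($dir, $allowed) = @_;
    $allowed //= 0750;
    my @st = lstat($dir) or die "Cannot lstat spool_dir $dir: $!";
    my ($mode, $uid, $gid) = @st[2, 4, 5];
    die "spool_dir $dir is not a directory (symlinks refused)"
        unless S_ISDIR($mode);
    my $perm = S_IMODE($mode);    # strip file-type bits before masking
    die sprintf("Permissions on spool_dir %s are %04o, allowed at most %04o",
                $dir, $perm, $allowed)
        if $perm & ~$allowed & 07777;
    die "spool_dir $dir is not owned by uid $>" unless $uid == $>;
    die sprintf("Group of spool_dir %s is %d, expected %d",
                $dir, $gid, effective_gid())
        unless $gid == effective_gid();
    return $perm;
}

# Create a fresh directory $base/$name with exactly mode $mode. mkdir's mode
# is filtered through the umask, so chmod afterwards. A pre-existing
# directory is an error, never silently reused, so a directory planted at
# that name by someone else is not adopted.
sub temp_dir {
    my ($base, $name, $mode) = @_;
    $mode //= 0750;
    my $dirname = "$base/$name";
    unless (mkdir $dirname, $mode) {
        die "Temporary directory $dirname already exists" if $!{EEXIST};
        die "Could not create temporary directory $dirname: $!";
    }
    chmod $mode, $dirname or die "Could not set mode on $dirname: $!";
    return $dirname;
}

unless (caller) {
    my $base = tempdir(CLEANUP => 1);    # scratch area for the demo

    my $spool = temp_dir($base, "spool", 0750);
    printf "%s ok, mode %04o\n", $spool, check_spool_dir($spool, 0750);

    # A scanner running as another user in our group needs group access:
    # widen the mask for this call only, not the default for everyone.
    my $shared = temp_dir($base, "shared", 0770);
    printf "%s ok, mode %04o\n", $shared, check_spool_dir($shared, 0770);

    # The same directory fails the strict default check.
    eval { check_spool_dir($shared, 0750) };
    print "strict check refused 0770: $@" if $@;

    # Reusing an existing name is refused instead of adopted.
    eval { temp_dir($base, "spool", 0750) };
    print "re-creation refused: $@" if $@;
}
```

On BSD-style systems (including macOS) a new directory inherits its parent's group rather than the creator's effective GID, so running the demo under /tmp can fail the group check; that is the condition the check exists to catch, and the fix is a spool area whose group really is the daemon's.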