Package: spampd
Version: 2.30-1
Severity: important

Hi,

at first I have to thank you for the - so far - well working spampd.
Something I've waited for for a long time.

After installing, two things caught my eye:



1. weird %s in syslog:

For every scanned mail spampd generates several lines like
Dec 20 04:59:31 one spampd[5490]: %s
in the log. After looking through the resolved bugs I think this could
probably be a result of the fix introduced in #332259, probably it's
unnecessary now due to changes in the perl libraries!? That's only a
guess.




2. spamassassin/autolearn uses /root/.spamassassin

After checking the output of spampd in the emails I've seen an
autolearn=failed entry from spamassassin. Starting spampd in debugging
mode showed that spampd's spamassassin tries to put its stuff into
/root/.spamassassin/:

[28638] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
[28638] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[28638] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
[28638] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.lock.one.recluse.de.28638
[28638] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries
[28638] dbg: locker: safe_lock: link to /root/.spamassassin/auto-whitelist.lock: link ok
[28638] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /root/.spamassassin/auto-whitelist
[28638] dbg: locker: safe_unlock: unlink /root/.spamassassin/auto-whitelist.lock


This works while starting the daemon - seems it's still running as root
at this time, but as soon as it has given up root rights and it's
running as spampd it should be unable to access /root/.spamassassin, at
least on a well configured system.

[pid 31947] stat("/root/.spamassassin/bayes_toks", 0x508550) = -1 EACCES (Permission denied)
[pid 31947] stat("/root/.spamassassin/bayes_toks.db", 0x508550) = -1 EACCES (Permission denied)
[pid 31947] stat("/root/.spamassassin", 0x508550) = -1 EACCES (Permission denied)
[pid 31947] stat("/root/.spamassassin", 0x508550) = -1 EACCES (Permission denied)
[pid 31947] mkdir("/root/.spamassassin", 0700) = -1 EACCES (Permission denied)
[pid 31947] stat("/root/.spamassassin", 0x508550) = -1 EACCES (Permission denied)


This bug is a bit critical imho, such a daemon should not even try to
access stuff in /root.

To fix this spampd needs a home-directory (like /var/lib/spampd or
something like that) and the spamassassin part should be loaded as the
user spampd - or is there any reason to do this before giving up root
rights?

Unfortunately I can't come up with a patch for this - my knowledge of
perl is much much too minimal.


If you need any more information or if you have a bugfix to test please
let me know.



Best regards,


Bernd Zeimetz


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.2-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages spampd depends on:
ii  adduser                       3.80       Add and remove users and groups
ii  dpkg                          1.13.11    package maintenance system for Deb
ii  libnet-server-perl            0.89-1     An extensible, general perl server
ii  perl                          5.8.7-7    Larry Wall's Practical Extraction 
ii  spamassassin                  3.1.0a-1   Perl-based spam filter using text 

spampd recommends no packages.

-- no debconf information
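
Added example, not part of the original report and not spampd code: a small triage helper that reads strace output like the excerpt above (with the mail client's line wrapping), and lists permission-denied accesses that fall outside the service account's own state directory. The function names are hypothetical, and /var/lib/spampd is an assumption taken from the report's suggestion.

```python
import re
from collections import Counter

# Excerpt of the strace lines from the report, wrapped as they were in the mail.
STRACE = '''\
[pid 31947] stat("/root/.spamassassin/bayes_toks", 0x508550) = -1 EACCES
(Permission denied)
[pid 31947] stat("/root/.spamassassin/bayes_toks.db", 0x508550) = -1
EACCES (Permission denied)
[pid 31947] stat("/root/.spamassassin", 0x508550) = -1 EACCES
(Permission denied)
[pid 31947] mkdir("/root/.spamassassin", 0700) = -1 EACCES (Permission
denied)
[pid 31947] stat("/root/.spamassassin", 0x508550) = -1 EACCES
(Permission denied)
'''

# pid, syscall name, first (path) argument, and errno name of a failed call.
CALL = re.compile(r'\[pid\s+(?P<pid>\d+)\]\s+(?P<syscall>\w+)\("(?P<path>[^"]*)"'
                  r'.*?\)\s+=\s+-1\s+(?P<errno>E[A-Z]+)')

def unwrap(text):
    """Rejoin records split by mail wrapping: a record starts with '[pid'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('[pid') or not records:
            records.append(line)
        else:
            records[-1] += ' ' + line
    return records

def denied_outside_home(text, service_home):
    """Count (pid, syscall, path) for EACCES/EPERM failures outside service_home."""
    home = service_home.rstrip('/')
    hits = Counter()
    for rec in unwrap(text):
        m = CALL.search(rec)
        if not m or m['errno'] not in ('EACCES', 'EPERM'):
            continue
        if m['path'] == home or m['path'].startswith(home + '/'):
            continue  # inside the daemon's own state directory
        hits[(int(m['pid']), m['syscall'], m['path'])] += 1
    return hits

def state_dirs(hits):
    """Reduce the denied paths to their first two components, e.g. /root/.spamassassin."""
    return sorted({'/'.join(p.split('/')[:3]) for _, _, p in hits})
```

Any directory this reports under another account's home after the privilege drop points to state that was resolved while the process still had root's environment.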

