** Tags removed: server-triage-discuss
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any local user can shut clamd down via control socket
To manage notifications about this bug go t
Still no updates in the upstream bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any local user can shut clamd down via control socket
To manage notifications about this bug go to
No real movement happened upstream or in Debian. I'm not sure we should
consider this Triaged, as strictly speaking this is not even a bug (as
Seth noted in comment 1), and there's nothing we can actually do to make
the situation better. Even upstream doesn't have clear plans or
suggestions.
I'm l
** Changed in: clamav (Debian)
Status: Unknown => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any local user can shut clamd down via control socket
To manage notif
The bug has been forwarded upstream, so I'm marking it as such.
** Also affects: clamav (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989549
Importance: Unknown
Status: Unknown
** Bug watch added: bugzilla.clamav.net/ #12782
https://bugzilla.clamav.net/show_bug.cg
** Changed in: clamav
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any local user can shut clamd down via control socket
To manage notifications abou
Thanks for filing the bug in debian, and I agree that's the right place
to continue discussions. You also mentioned in the original bug some
aspects (such as auth on incoming connections) should be addressed
upstream, so you may want to also file bug reports there.
>From that, if there come to be
> Hello Stephane, maybe joining the amavisd-new user's to the clamav
group would be a simpler way around the stricter socket permissions you
are proposing?
Hi Simon,
No, as I said in comment #4, that doesn't work as amavisd-new doesn't
set supplementary IDs, just does a setuid() and setgid() with
Hello Stephane, maybe joining the amavisd-new user's to the clamav group
would be a simpler way around the stricter socket permissions you are
proposing?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1
** Changed in: clamav
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any local user can shut clamd down via control socket
To manage notifications about
** Also affects: clamav via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989549
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any
> I suggest proposing your patch in a Debian bug to get the maintainer's
feedback on it.
I've now raised https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989549
Should we carry on discussion over there?
** Bug watch added: Debian Bug tracker #989549
https://bugs.debian.org/cgi-bin/bugreport.
>From systemd.service(5):
> Type=
> Configures the process start-up type for this service unit.
> One of simple, exec, forking, oneshot, dbus, notify or
> idle:
>
> • If set to simple (the default if ExecStart= is
> specified but neither Type= nor BusName= are), the
Hmm, I thought the only 'reliable' way of addressing the 'not yet
active' problem was to use the sd_notify(3) family of functions to let
systemd know when a service is actually ready to handle requests. I
suggest proposing your patch in a Debian bug to get the maintainer's
feedback on it. (A test c
** Changed in: clamav (Ubuntu)
Status: New => Confirmed
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930393
Title:
any
15 matches
Mail list logo
