This bug was fixed in the package clamav - 0.95.1+dfsg-1ubuntu1.2
---
clamav (0.95.1+dfsg-1ubuntu1.2) jaunty-security; urgency=low
* SECURITY UPDATE: clamav-milter.init changes current directory owner
to user 'clamav' when run, potentially breaking ssh chroots, user's
home d
** Changed in: clamav (Ubuntu Jaunty)
Status: In Progress => Fix Committed
--
clamav-milter chowns root/arbitrary directory
https://bugs.launchpad.net/bugs/365823
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mai
In this case the init script makes sure that the directory for the pid file
exists and is owned by the clamav user (this is necessary). The bug is
that the variable that defines the path to it is incorrectly left unset, so
"." gets chown'ed instead of /var/run/clamav.
--
clamav-milter chowns
Thanks for that clarification I should have checked it first. The
default and hence most likely way of running Synaptic will yield the
users home directory problem and synaptics running with root powers from
the user home might limit system-wide damage perhaps.
Yes I see but why would someone run
As far as I can tell by looking at the process tree, Synaptic gets run with
gksu. When you click on it in the System menu, you need to enter your password,
so it can run as root.
But! it is run by the user, from the user's home directory, and that doesn't
change. You can check this by opening Sy
Run the default synaptic package handler as root from the menu system--
running something as root starts the process in the root directory not
in the logged on users directory as I understand it.
This caused the /home/username folder to become owned by clamav. I'm
not sure if it was the clamav-mi
