On Wed, 9 Sep 2015 14:48:14 -0700 jdow wrote: > On 2015-09-09 13:51, RW wrote: > > On Wed, 9 Sep 2015 17:27:54 +0200 > > Marc Richter wrote: > > > >> Hi RW, > >> > >>> Do you mean that ww is a unix user? The normal way to do this is > >>> to run spamd as root and run spamc as the unix user. Passing -u to > >>> spamc is really intended for virtual users, I'm not sure whether > >>> it works for unix users. Are you sure it worked before? > >> > >> ww is a unix user, yes. And it worked before, yes. > > > > Supporting that sounds like a really bad idea. It would mean that > > any user could make a spamd child run as any unix user they choose - > > possibly even root. It's an unnecessary risk of privilege > > escalation. > > > > It also gives users too much access to each other's databases. A > > malicious user would be able to miss-train another user's Bayes or > > manipulate reputations in TxRep or AWL. It would also be possible to > > infer some of the contents of another users TxRep database from > > suitable test emails. > > Why don't you try to run spamc -u root as a common user and see what > happens then talk about the results if it is warranted?
Given that it doesn't appear to be currently working with non-root accounts, what would that prove? And it's still wrong even if root is a special case.
