Update security/clamav-devel to 20040524 snapshot Changed startup script freshclam.sh -> clamav-freshclam.sh !!!!!!Beware if you use the freshclam daemon change rc.conf!!!!!!!! Chmod 770 the socket directory Rearange some things to be more in line with security/clamav port Fix: Added file: files/clamav-freshclam.sh Removed file: files/freshclam.sh
Rob Evers wrote: > Chmod 770 the socket directory What is the purpose of making the directory group writable and the pid unreadable for other processes? -Oliver
> Rob Evers wrote: > >> Chmod 770 the socket directory > > What is the purpose of making the directory group writable and > the pid unreadable for other processes? > > -Oliver > Mmm, I did this because the clamd socket is rwxrwxrwx, so every user on the system can read the socket, but I guess this is not a good solution ;-) Rob Evers
rob@debank.tv wrote: >>Rob Evers wrote: >> >>>Chmod 770 the socket directory >> >>What is the purpose of making the directory group writable and >>the pid unreadable for other processes? >> >>-Oliver > > Mmm, I did this because the clamd socket is rwxrwxrwx, so every user on > the system can read the socket, but I guess this is not a good solution > ;-) Do you want to guard against a local denial-of-service attack, or what is the problem with that? -Oliver
> rob@debank.tv wrote: > >>>Rob Evers wrote: >>> >>>>Chmod 770 the socket directory >>> >>>What is the purpose of making the directory group writable and >>>the pid unreadable for other processes? >>> >>>-Oliver >> >> Mmm, I did this because the clamd socket is rwxrwxrwx, so every user on >> the system can read the socket, but I guess this is not a good solution >> ;-) > > Do you want to guard against a local denial-of-service attack, or what is > the problem with that? > > -Oliver > No, but I want to be sure that scanned e-mails can't be read by 'normal' system users. Rob
State Changed From-To: open->closed Committed, thanks!