Bug 67125

Summary: Update security/clamav-devel and secure socket
Product: Ports & Packages
Reporter: rob
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments: clamav-devel.patch (flags: none)

Description rob 2004-05-24 14:30:14 UTC
Update security/clamav-devel to 20040524 snapshot
Changed startup script freshclam.sh -> clamav-freshclam.sh
	!!!!!!Beware if you use the freshclam daemon change rc.conf!!!!!!!!
Chmod 770 the socket directory
Rearrange some things to be more in line with security/clamav port

Fix: Added file: files/clamav-freshclam.sh
Removed file: files/freshclam.sh

Comment 1 Oliver Eikemeier 2004-05-24 17:21:27 UTC
Rob Evers wrote:

> Chmod 770 the socket directory

What is the purpose of making the directory group writable and
the pid unreadable for other processes?

-Oliver

Comment 2 rob 2004-05-24 17:32:39 UTC
> Rob Evers wrote:
>
>> Chmod 770 the socket directory
>
> What is the purpose of making the directory group writable and
> the pid unreadable for other processes?
>
> -Oliver
>

Mmm, I did this because the clamd socket is rwxrwxrwx, so every user on
the system can read the socket, but I guess this is not a good solution
;-)

Rob Evers

Comment 3 Oliver Eikemeier 2004-05-24 17:35:40 UTC
rob@debank.tv wrote:

>>Rob Evers wrote:
>>
>>>Chmod 770 the socket directory
>>
>>What is the purpose of making the directory group writable and
>>the pid unreadable for other processes?
>>
>>-Oliver
> 
> Mmm, I did this because the clamd socket is rwxrwxrwx, so every user on
> the system can read the socket, but I guess this is not a good solution
> ;-)

Do you want to guard against a local denial-of-service attack, or what is
the problem with that?

-Oliver

Comment 4 rob 2004-05-24 17:43:33 UTC
> rob@debank.tv wrote:
>
>>>Rob Evers wrote:
>>>
>>>>Chmod 770 the socket directory
>>>
>>>What is the purpose of making the directory group writable and
>>>the pid unreadable for other processes?
>>>
>>>-Oliver
>>
>> Mmm, I did this because the clamd socket is rwxrwxrwx, so every user on
>> the system can read the socket, but I guess this is not a good solution
>> ;-)
>
> Do you want to guard against a local denial-of-service attack, or what is
> the problem with that?
>
> -Oliver
>

No, but I want to be sure that scanned e-mails can't be read by 'normal'
system users.

Rob

Comment 5 Pav Lucistnik freebsd_committer freebsd_triage 2004-05-25 00:02:30 UTC
State Changed
From-To: open->closed

Committed, thanks!
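
The permission question discussed in comments 1 to 4, worked through as an added example that is not part of the original bug report or the port: it builds a throwaway directory holding a mode-777 socket and a pid file, then reports from the mode bits what the group and other classes can do under each directory mode. The file names `clamd` and `clamd.pid`, the pid file mode, and the comparison modes 755 and 750 are assumptions chosen for illustration; only the 770 directory and the rwxrwxrwx socket come from the thread.

```python
import os
import socket
import stat
import tempfile

SHIFT = {"owner": 6, "group": 3, "other": 0}  # bit offset of each permission class

def rwx(mode, cls):
    """Return (read, write, execute/search) for one class of a mode."""
    m = (mode >> SHIFT[cls]) & 0o7
    return bool(m & 4), bool(m & 2), bool(m & 1)

def audit(dir_path):
    """Mode-bit model (no ACLs, no root) of what each class can do in dir_path."""
    dmode = os.stat(dir_path).st_mode
    report = {}
    for cls in SHIFT:
        _, dwrite, dsearch = rwx(dmode, cls)
        # write+search on the directory allows creating, renaming, unlinking entries
        row = {"replace_entries": dwrite and dsearch, "connect": [], "read": []}
        for name in sorted(os.listdir(dir_path)):
            mode = os.lstat(os.path.join(dir_path, name)).st_mode
            read, write, _ = rwx(mode, cls)
            if stat.S_ISSOCK(mode) and dsearch and write:
                row["connect"].append(name)   # connect() needs write on the socket
            elif stat.S_ISREG(mode) and dsearch and read:
                row["read"].append(name)
        report[cls] = row
    return report

def demo(dir_mode):
    """Build a constructed socket directory, apply dir_mode, and audit it."""
    with tempfile.TemporaryDirectory() as d:
        sock_path = os.path.join(d, "clamd")        # constructed names
        pid_path = os.path.join(d, "clamd.pid")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.bind(sock_path)
            os.chmod(sock_path, 0o777)              # the rwxrwxrwx socket from comment 2
            with open(pid_path, "w") as f:
                f.write("1234\n")
            os.chmod(pid_path, 0o644)
            os.chmod(d, dir_mode)
            return audit(d)

if __name__ == "__main__":
    for mode in (0o755, 0o770, 0o750):              # 0o755 and 0o750 are added comparisons
        print(oct(mode), demo(mode)["group"], demo(mode)["other"])
```

With 770 the other class loses both the socket and the pid file, and the group gains the ability to replace entries in the directory; 750 keeps the first effect without the second.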