From 2e4733463a4bc714bc94da00e4e9da9f56fdd703 Mon Sep 17 00:00:00 2001 From: Jason Unovitch Date: Sun, 1 May 2016 01:13:06 +0000 Subject: mail/dspam: implement privilege separation (resolves bug running with suexec) - Runs as dspam:dspam instead of root:mail. The dspam UID/GID were created in r168311 when the UIDs/GIDs files were added but the port had always used root:mail. This had prevented running the dspam webUI under Apache with suexec due to a minimal requirement of UID/GID of 100. The original unsecure behavior is available with the SETUID option. - Default run directory is now /var/run/dspam. This follows the default upstream behavior and removes the patch to dspam.c as a result. Use RUN_DIR and correct the dspam.conf.sample file accordingly. - Default daemon/client communication port is now 2424. - Regen patches while here (portlint) UPDATING: Document privilege separated dspam PR: 115957 Reported by: tedm@ipinc.net, support@ipinc.net Submitted by: Danny Warren (maintainer) --- mail/dspam/files/patch-src__client.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 mail/dspam/files/patch-src__client.c (limited to 'mail/dspam/files/patch-src__client.c') diff --git a/mail/dspam/files/patch-src__client.c b/mail/dspam/files/patch-src__client.c new file mode 100644 index 000000000000..e960ce553c41 --- /dev/null +++ b/mail/dspam/files/patch-src__client.c @@ -0,0 +1,22 @@ +--- src/client.c.orig 2012-04-11 18:48:33 UTC ++++ src/client.c +@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f + struct sockaddr_un saun; + int sockfd; + int yes = 1; +- int port = 24; ++ int port = 2424; + int domain = 0; + int addr_len; + char *host; +--- src/client.c.orig 2012-04-11 18:48:33 UTC ++++ src/client.c +@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f + struct sockaddr_un saun; + int sockfd; + int yes = 1; +- int port = 24; ++ int port = 2424; + int domain = 0; + int addr_len; + char *host; -- cgit v1.2.3
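Review bot: the new file mail/dspam/files/patch-src__client.c contains the same hunk twice. The `--- src/client.c.orig` / `+++ src/client.c` header and the `@@ -304,7 +304,7 @@` hunk that changes `int port = 24;` to `int port = 2424;` in client_connect are repeated verbatim, which is what makes up the 22 inserted lines. Once the first copy has applied, the second no longer finds its `- int port = 24;` line, so patch(1) will either reject it or treat it as already applied. Drop the second copy so the file holds a single 11-line hunk. A smaller point on the same hunk: the hard-coded fallback moves from a privileged port (below 1024) to an unprivileged one, which fits running as dspam:dspam, but this view is limited to client.c, so it is worth confirming that the daemon-side default and dspam.conf.sample were changed to 2424 in the same commit so client and server cannot disagree.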