package dspam
tags 385353 + pending fixed-upstream
thanks
Hi,
A patch was sent on the upstream mailing-list:
http://thread.gmane.org/gmane.mail.qmail.simscan/3301/focus=3327
This code is already applied in the 3.8.0 release.
Cheers,
Julien
--- dspam-3.6.8~/src/dspamc.c 2006-05-13 21:47:30.000000000 +0930
+++ dspam-3.6.8/src/dspamc.c 2007-06-15 13:30:34.000000000 +0930
@@ -95,12 +95,19 @@
int
main (int argc, char *argv[])
{
- AGENT_CTX ATX;
+ AGENT_CTX ATX; /* agent configuration */
+ buffer *message = NULL; /* input message */
+ int agent_init = 0; /* agent is initialized */
+ int driver_init = 0; /* storage driver is initialized */
int exitcode = EXIT_SUCCESS;
- buffer *message = NULL; /* input Message */
- int agent_init = 0; /* agent is initialized */
+ struct nt_node *node_nt;
+ struct nt_c c_nt;
+ struct passwd *pwent;
+
+ srand ((long) time << (long) getpid ());
+ umask (006); /* rw-rw---- */
+ setbuf (stdout, NULL); /* unbuffered output */
- setbuf (stdout, NULL); /* unbuffered output */
#ifdef DEBUG
DO_DEBUG = 0;
#endif
@@ -113,6 +120,17 @@
exit(EXIT_FAILURE);
#endif
+ /* Cache my username and uid for trusted user security */
+
+ pwent = getpwuid(getuid());
+ if (pwent == NULL) {
+ LOG(LOG_ERR, ERR_AGENT_RUNTIME_USER);
+ exitcode = EXIT_FAILURE;
+ goto BAIL;
+ }
+ __pw_name = strdup(pwent->pw_name);
+ __pw_uid = pwent->pw_uid;
+
/* Read dspam.conf into global config structure (ds_config_t) */
agent_config = read_config(NULL);
