Package: amavisd-milter Version: 1.5.0-2 Severity: grave Tags: security Justification: user security hole
After "sudo bash" I issued "/etc/init.d/amavisd-milter restart". What a surprise! My home directory got owned by user amavis. Running init script under bash -vx reveals the problem: [ $MILTERSOCKET ] && ([ -d $(dirname $MILTERSOCKET) ] || mkdir $(dirname $MILTERSOCKET) && chown $USER $(dirname $MILTERSOCKET)) + '[' inet6:60001 ']' dirname $MILTERSOCKET ++ dirname inet6:60001 + '[' -d . ']' dirname $MILTERSOCKET ++ dirname inet6:60001 + chown amavis . Yes, of course: the root directory is also owned by amavis(!!!) due to the first boot process since installing amavisd-milter package. :-( And some other random directories too that were cwd when starting daemon by hand. Gabor -- System Information: Debian Release: 5.0.7 APT prefers stable APT policy: (700, 'stable'), (500, 'proposed-updates') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages amavisd-milter depends on: ii amavisd-new 1:2.6.4-1~bpo50+1 Interface between MTA and virus sc ii libc6 2.7-18lenny7 GNU C Library: Shared libraries ii libmilter1.0.1 8.14.3-5+lenny1 Sendmail Mail Filter API (Milter) Versions of packages amavisd-milter recommends: ii postfix 2.5.5-1.1 High-performance mail transport ag amavisd-milter suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
