Mailing List Archive

spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
Hi All,

I changed the subject line to hopefully get some insight from a wider
audience regarding this situation that Reindl uncovered:


It started here:

>>> It appears that it IS running as root?! OR maybe as "sa-milt" ... As
>>> root I got this:
>>>
>>> # ps auxwww | grep spamd
>>> root      100805  0.0  0.3 158208 121164 ?       Ss   00:37   0:05
>>> /usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H
>>> --razor-home-dir=/var/lib/razor/ --razor-log-file=sys-syslog

Reindl replied:

>> give common sense a few seconds: do you REALLY want to process mails
>> containing junk and malware with root privileges?

And went on to share that his Fedora 37 runs as sa-milt.

There IS an sa-milt entry in /etc/passwd, so...

I just took a few minutes to confirm that the DEFAULT installation on
Fedora Server 38 runs spamd as root - at least, that's sure my take from
this:

# ps -auxwww | grep spam
root 192531 2.3 4.0 158360 146936 ? Ss 08:53 0:01 /usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H --razor-home-dir=/var/lib/razor/ --razor-log-file=sys-syslog
root 192535 0.0 3.7 158360 137488 ? S 08:53 0:00 spamd child
root 192536 0.0 3.7 158360 137616 ? S 08:53 0:00 spamd child

...GIVEN that this is the DEFAULT on this distribution - a very popular
distribution - I'm ... speechless since, as Reindl points out, processing
unknown inbound email is NOT a great place to have a process running as
root!

THEREFORE: Can anyone give me the quick path to changing this to running
as sa-milt, as his system does?

Changing the file ownerships is trivial, and I know from doing some
packaging for Fedora systems that there's a spot to give the user (and
group) IDs programs are supposed to be run under in sysconfig. A quick
look shows there are three for Spam Assassin on my system:

/etc/sysconfig/spamassassin
/etc/sysconfig/spamass-milter
/etc/sysconfig/spamass-milter-postfix

Before I make changes and possibly screw things up; any advice?

Thanks!
Richard
Re: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
Check the systemd unit file. It should set the user the service runs as.
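
The check suggested in the reply above, as an added example that is not part of the thread or of any Fedora or SpamAssassin package: one function reads a unit file (plus drop-ins) and reports the effective `User=`, the other lists root-owned spamd processes from `ps` output. The function names, the unit text and the `sa-milt` line in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example; the unit text and ps lines below are constructed samples.

# effective_user [FILE...]: print the account a systemd system service runs
# as, given its unit file followed by any drop-ins in the order they apply
# (reads stdin when no file is given). Only User= inside [Service] counts,
# the last assignment wins, and a system service with no User= runs as root.
effective_user() {
    awk '
        FNR == 1        { in_service = 0 }           # each file starts outside any section
        /^[ \t]*[#;]/   { next }                     # comment line
        /^[ \t]*\[/     { gsub(/[ \t]/, ""); in_service = ($0 == "[Service]"); next }
        in_service && /^[ \t]*User[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); user = $0
        }
        END { print (user == "" ? "root" : user) }
    ' "$@"
}

# root_spamd_pids: read `ps auxwww` output on stdin and print the PID of
# every spamd process (parent or "spamd child") that is owned by root.
root_spamd_pids() {
    awk '$1 == "root" && /spamd/ && !/grep/ { print $2 }'
}

# Constructed unit with no User= line: the service would run as root.
effective_user <<'EOF'
[Unit]
Description=Constructed sample unit
[Service]
ExecStart=/usr/bin/spamd -c -m5 -H
EOF

# Constructed ps lines in the layout shown in the thread.
root_spamd_pids <<'EOF'
root 192531 2.3 4.0 158360 146936 ? Ss 08:53 0:01 /usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H
root 192535 0.0 3.7 158360 137488 ? S 08:53 0:00 spamd child
sa-milt 192540 0.0 3.7 158360 137616 ? S 08:53 0:00 spamd child
EOF
```

The unit file is not the only place the account can be set: spamd's own `-u` option also selects the user it runs as, so the process listing is the check that shows what is actually running.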
Re: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
On 2023-07-07 at 12:08:22 UTC-0400 (Fri, 7 Jul 2023 09:08:22 -0700
(PDT))
Richard Troy <rtroy@ScienceTools.com>
is rumored to have said:

> Hi All,
>
> I changed the subject line to hopefully get some insight from a wider
> audience regarding this situation that Reindl uncovered:

It should be noted that Harald Reindl is not a subscriber to this list
and cannot be as a result of past behavior. Nothing can stop him from
reading public archives and replying directly to list members, but no
one else sees them.

SpamAssassin can operate in many different modes. How distribution
packagers chose the 'default' for their installations is beyond the
scope of the SA project per se, and the specific packagers should be
consulted if you need an explanation of their choices.

If you want spamd to be able to access the per-user preferences and
databases for AWL/TxRep and/or Bayes of real system users, spamd must
run as root OR you must devise another working configuration which
allows that to work. This can be avoided by using virtual users or
storing per-user configuration in a database rather than in files on
disk. You can also dispense entirely with spamd and have a milter like
MIMEDefang call the SA libraries directly, but you still need
*SOMETHING* running as root (or a semi-privileged user) if you want to
use per-user configuration living in a POSIX filesystem.

Arguing over which model is better is pointless, because they are chosen
based on local needs. Scolding people for their choice of the reasonable
options is just silly.

I should probably add that I personally don't do per-user config because
of the enlarged attack surface it presents and small marginal value, but
that's guided by local details. I work with systems owned by others
where other choices were made for very sound reasons and they have not
had security problems with it, in many years of operations. What you
choose to do should be based on what YOU want.


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
RE: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
>
> I should probably add that I personally don't do per-user config because
> of the enlarged attack surface it presents and small marginal value, but
> that's guided by local details. I work with systems owned by others
> where other choices were made for very sound reasons and they have not
> had security problems with it, in many years of operations. What you
> choose to do should be based on what YOU want.
>

I have a setup where I globally mark spam and users have the option to 'unmark' messages from senders. So every user has a little db with white listed email addresses.
This could be a nice step before going full per-user config.