Please do not reply directly to this email. All additional comments should be
made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=537587

--- Comment #67 from Enrico Scholz <enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx> 2010-01-15 12:26:10 EST ---

There seems to be a path traversal security issue (which is relevant because
dspamd is running as root):

  $ dspamc --classify --user ../../../../../../etc -- < /tmp/sp

  # strace -f `pidof dspamd`
  stat64("/var/lib/dspam/data/././../../../../../..", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  ...

  # ll /
  -rw-rw---- 1 root mail 1573112 15. Jan 18:24 etc.css
  -rw-rw---- 1 root mail       0 15. Jan 18:24 etc.lock
  -rw-rw---- 1 root mail      12 15. Jan 18:24 etc.stats
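
An added example, not part of the bug comment and not dspam's own code: one way a daemon can refuse such a user name before it is joined onto the data directory. The helper names, the 64-byte limit, the character allow-list and the flat "<data_dir>/<user>.<ext>" layout are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept a user name only if it can name exactly one
 * path component. Uses an allow-list rather than a ".." blacklist. */
static int user_is_safe(const char *user)
{
    size_t len = strlen(user);

    if (len == 0 || len > 64)               /* assumed length limit */
        return 0;
    if (user[0] == '.')                     /* rejects ".", ".." and dotfiles */
        return 0;
    /* strspn counts the leading run of allowed bytes; it must cover the
     * whole name, so '/', '\\', whitespace and control bytes are rejected. */
    return strspn(user, "abcdefghijklmnopqrstuvwxyz"
                        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "0123456789._@+-") == len;
}

/* Hypothetical helper: build "<data_dir>/<user>.<ext>" (simplified layout).
 * Returns 0 on success, -1 if the name is rejected or the buffer is short. */
static int user_file_path(const char *data_dir, const char *user,
                          const char *ext, char *out, size_t outlen)
{
    int n;

    if (!user_is_safe(user))
        return -1;
    n = snprintf(out, outlen, "%s/%s.%s", data_dir, user, ext);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs; the second is the value from the report above. */
    const char *names[] = { "alice@example.org", "../../../../../../etc", "..", "a/b" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (user_file_path("/var/lib/dspam/data", names[i], "css", path, sizeof path) == 0)
            printf("ok      %s -> %s\n", names[i], path);
        else
            printf("reject  %s\n", names[i]);
    }
    return 0;
}
```

Rejecting the name at the point where it enters the daemon keeps every later file operation (.css, .lock, .stats) inside the data directory, independent of which privileges the process still holds.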