/var/dcc/map is not private

Chris cpollock@embarqmail.com
Sun Jan 27 16:06:38 UTC 2008


I've messed up permissions somehow on the above file I think.

drwxr-xr-x  3 root root  4096 Jan 26 16:45 build/
drwxr-xr-x  2 root bin   4096 Jan 26 16:46 cgi-bin/
-rwxrwxr--  1 root root  4441 Jul  6  2007 dcc_conf*
-rwxrwxr--  1 root root  4972 Jan 26 16:46 dcc_conf-new*
-rw-r--r--  1 root bin    825 Dec 26  2004 flod
-rw-r--r--  1 root bin    561 Dec 26  2004 grey_flod
-rw-r--r--  1 root bin    496 Dec 26  2004 grey_whitelist
-rw-------  1 root root  2549 Dec 26  2004 ids
drwxr-xr-x  2 bin  bin   4096 Jan 26 16:46 libexec/
drwxr-xr-x  2 root bin   4096 Dec 26  2004 log/
-rw-rw----  1 root root  7564 Jan 25 15:56 map
-rw-------  1 root root  2565 Jul  7  2007 map.txt
-rw-r--r--  1 root root  2565 Jul  7  2007 map.txt~
-rw-r--r--  1 root bin   3096 Dec 26  2004 whiteclnt
-rw-r--r--  1 root bin  12099 Dec 26  2004 whitecommon
-rw-r--r--  1 root bin    482 Dec 26  2004 whitelist

I keep seeing this in my hourly syslog output:

Jan 27 08:29:09 localhost dccproc[19405]: /var/dcc/map is not private

The next line in the log warns me about the DCC plug-in for Spamassassin:

Jan 27 08:29:09 localhost spamd[21849]: Use of uninitialized value in string 
at /etc/mail/spamassassin/DCC.pm line 417.

That line is below:

$permsgstatus->test_log("$permsgstatus->{dcc_header_result}");

I noticed that since whatever I did no DCC checks have apparently been made of 
the database since whats below is what all spam shows now for dcc checks:

Not listed in DCC
[]

I'm also seening this now in my 4:00am check:

Jan 26 04:04:37 localhost : Security Warning: Change in Suid Root files 
found :
Jan 26 04:04:37 localhost : - No longer present suid root 
file : /usr/local/bin/cdcc
Jan 26 04:04:37 localhost : - No longer present suid root 
file : /usr/local/bin/dccproc

I see that somehow I changed the permissions to this:

-r-sr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
-r-sr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*

I've changed them back to what it looks like everything else is:

-rwxr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
-rwxr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*

This will teach me to screw with things when I have the flu and can't read 
apparently can't read the output of my syslog snips correctly. Thanks for any 
assistance. 

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.rhyolite.com/pipermail/dcc/attachments/20080127/2a17462c/attachment.bin>


More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.