/var/dcc/map is not private

Vernon Schryver vjs@calcite.rhyolite.com
Sun Jan 27 16:41:37 UTC 2008


> From: Chris <cpollock@embarqmail.com>

> --nextPart2303122.G5yE5Uq94h
> Content-Type: text/plain;
>   charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline

Mail to this mailing list encrypted as quoted-printable, HTML, etc.
has to wait until I manually check it.


> -rw-rw----  1 root root  7564 Jan 25 15:56 map

> I keep seeing this in my hourly syslog output:
> Jan 27 08:29:09 localhost dccproc[19405]: /var/dcc/map is not private

/var/dcc/map must be readable by only the UID that runs cdcc, dccproc,
dccifd, or dccm, because the file can contain passwords.


> The next line in the log warns me about the DCC plug-in for Spamassassin:
> Jan 27 08:29:09 localhost spamd[21849]: Use of uninitialized value in string
> at /etc/mail/spamassassin/DCC.pm line 417.
> That line is below:
> $permsgstatus->test_log("$permsgstatus->{dcc_header_result}");
>
> I noticed that since whatever I did no DCC checks have apparently been made of
> the database since what's below is what all spam shows now for dcc checks:
> Not listed in DCC

Perhaps someone who knows about SpamAssassin can comment about that,
but the inference that DCC checks are being made sounds dubious to me.

> I'm also seeing this now in my 4:00am check:
> Jan 26 04:04:37 localhost : Security Warning: Change in Suid Root files found :
> Jan 26 04:04:37 localhost : - No longer present suid root file : /usr/local/bin/cdcc
> Jan 26 04:04:37 localhost : - No longer present suid root file : /usr/local/bin/dccproc
>
> I see that somehow I changed the permissions to this:
>
> -r-sr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
> -r-sr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*
>
> I've changed them back to what it looks like everything else is:
>
> -rwxr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
> -rwxr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*


I do not understand those comments.  cdcc and dccproc are usually
set-UID to the UID specified with `./configure --with-uid=UID`.
If not set explicitly, UID is set to 0.
See the installation instructions at 
http://www.dcc-servers.net/dcc/dcc-tree/INSTALL.html#envtbl--with-uid
or in the INSTALL.html or INSTALL.txt file in your copy of the DCC source.

cdcc and dccproc are set-UID so that they can read the private
file /var/dcc/map.

Assuming you have made no DCC configuration changes except with ./configure,
in your position I would delete everything except /var/dcc/libexec/updatedcc
and then run that shell script.  It should fetch, ./configure, compile,
install, and restart the code including building a new /var/dcc/map file.

updatedcc is modified by the previous ./configure cycle to contain those
./configure parameters.


Vernon Schryver    vjs@rhyolite.com
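
Added example, not part of the original post or of DCC: a shell audit of the two conditions described above, that the map file grants nothing to group or other and that cdcc and dccproc are set-UID to the UID that owns the map. The function names are hypothetical, GNU `stat -c` is assumed, and treating any group or other permission bit as "not private" is an assumption modelled on the `-rw-rw----` listing in the thread, not DCC's own test.

```shell
#!/bin/sh
# Added example: audit DCC file permissions as discussed in the thread.
# Assumes GNU coreutils stat (stat -c). Function names are hypothetical.

# Succeeds only if FILE grants no permission bits to group or other.
map_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    # Low six bits are group + other; any set bit means "not private".
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds only if BIN is set-UID and owned by the same UID as MAP,
# so it can still read a map that only its owner may read.
runs_as_map_owner() {
    bin_mode=$(stat -c '%a' "$1") || return 2
    bin_uid=$(stat -c '%u' "$1") || return 2
    map_uid=$(stat -c '%u' "$2") || return 2
    [ $(( 0$bin_mode & 04000 )) -ne 0 ] && [ "$bin_uid" = "$map_uid" ]
}

# Usage: audit_dcc MAP BIN...   Returns non-zero if any check fails.
audit_dcc() {
    map=$1; shift
    status=0
    if map_is_private "$map"; then
        echo "OK   $map is private"
    else
        echo "FAIL $map is not private (group/other bits set)"
        status=1
    fi
    for bin in "$@"; do
        if runs_as_map_owner "$bin" "$map"; then
            echo "OK   $bin is set-UID to the owner of $map"
        else
            echo "FAIL $bin is not set-UID to the owner of $map"
            status=1
        fi
    done
    return $status
}

# Stand-alone use, e.g.:
#   sh audit.sh /var/dcc/map /usr/local/bin/cdcc /usr/local/bin/dccproc
if [ $# -gt 0 ]; then
    audit_dcc "$@"
fi
```
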


