Temp files cleanup?
Noel Jones
njones at megan.vbhcs.org
Sun Nov 25 21:54:12 CET 2012
On 11/25/2012 12:44 PM, Glenn Park wrote:
>
> 1) The directories inside $TEMPBASE/tmp are created with amavis:amavis
> rwxr-x--- permissions so they are not world readable, even when the
> $TEMPBASE/tmp directory is. Is there a problem with that? For
> example:
>
> drwxrwxrwt 10 root root 200 Nov 24 18:11 ./
> drwxr-xr-x 23 root root 800 Nov 24 18:03 ../
> drwxr-x--- 3 amavis amavis 80 Nov 24 18:00 amavis-20121124T180038-01142/
> drwxr-x--- 3 amavis amavis 80 Nov 24 18:10 amavis-20121124T181021-01143/
The $TEMPBASE/tmp directory should also be drwxr-x--- amavis:amavis.
Maybe you can create a subdirectory with proper permissions.
>
> 2) I agree, 10 seconds is just as bad as 10 days. In
> security-sensitive environments, are there other tools people turn to
> that will do this work all in-memory?
Paranoid environments do this in a jail or VM not accessible to
others. Everyone else uses a directory not available to others.
It would be very wasteful to do any kind of content inspection all
in memory. You must be prepared to store max workers * max message
size at the minimum.
-- Noel Jones
More information about the amavis-users
mailing list