update_spamassassin leaking descriptor
Chris Schanzle
mailscanner at cas.homelinux.org
Tue Jan 4 17:10:10 GMT 2011
Hi,
On Fedora 14, I am getting selinux warnings as to what appears to be
/etc/cron.daily/update_spamassassin leaking a file descriptor. Before I
realized that was a mailscanner cron job, I filed Fedora bugreport via
sealert: <https://bugzilla.redhat.com/show_bug.cgi?id=666765>. Please
have a look, as they brought up a couple questions, first about closing
the descriptor before the exec and second, using /tmp for a tempfile
when the process runs as root is apparently discouraged.
Given Fedora's spamassassin already has /etc/cron.d/sa-update (once a
day), is the proper on a Fedora system to edit "Disabled=yes" in
/etc/cron.daily/update_spamassassin? After doing so, 'rpm -V
mailscanner' shows it as being a changed config file, so I think that
change may stick through mailscanner upgrades. It might be preferable
to move the code which sources /etc/sysconfig/update_spamassassin to the
top, and check if it's disabled that way.
Or should I disable Fedora's sa-update since it appears to be necessary
(from /usr/sbin/update_spamassassin) to reload the MailScanner service
after the sa-update?
And a nit in /etc/cron.daily/update_spamassassin - comments to "spread
virus updates" - should be "anti-virus", but not in a spamassassin rules
update script. Looks like code+comments to pause random time was lifted
from somewhere.
Thanks!
More information about the MailScanner
mailing list