Bug 149698

Summary: kmail_clamav.sh tempfile not accessible to clamd
Product: [Applications] kmail Reporter: Mark Atkinson <kde>
Component: filtering Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED INTENTIONAL    
Severity: normal CC: kollix, lemma
Priority: NOR Keywords: triaged
Version: 1.9.6   
Target Milestone: ---   
Platform: Mandriva RPMs   
OS: Linux   
Latest Commit: Version Fixed In:

Description Mark Atkinson 2007-09-09 12:59:41 UTC
Version:           1.9.6 (using KDE 3.5.6)
Installed from:    Mandriva RPMs
OS:                Linux

The TEMPFILE created to allow clamd to analyse an email is not accessible to clamd.  Mandriva added something similar to the bugfix 86090 but it did not take into account that the first line would succeed but still not be accessible to clamd as sole user clamav.  On my system $TMPDIR is set to $HOME/tmp.  So with the following I get a temporary file in $HOME/tmp that becomes world readable (-rw-r--r--) before the scan but $HOME/tmp itself is drw-------.

TEMPFILE=`mktemp`
if [ $? != 0 ] ; then
    TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi

In some cases I received an lstat() error, other times an Access Permission denied message when run from the console.

Presently, I think there is little alternative to creating the temp file in /tmp.  I am of course asking another user (ClamAV) to scan my temporary file so it seems kosher. Is there an efficient test one user can do to ensure another user can access a file?

In lieu of that I suggest we adopt the following as the default. 

TEMPFILE=`mktemp /tmp/kmail.XXXXXX`

Alternatively, provide the tempfile directory location as an input parameter for those with particular needs.

Comment 1 Martin Koller 2009-08-29 11:29:53 UTC
The provided script has a behavior which might be ok for most setups.
Forcing /tmp as TMPDIR is not a solution.
If you have a special setup, why not simply change the script or set the TMPDIR (e.g. for kmail only) to some directory which clamd can access?

Also, you can allow the clamd user only the access to this TMPDIR by using an ACL (access control list) setting on your filesystem (see: man setfacl).
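
A heuristic answer to the question in the description (can another user reach this file?), as an added example that is not part of kmail_clamav.sh or of either comment above. It inspects only the "other" permission bits along the directory chain, so it does not see group membership, ACLs such as the setfacl setup from comment 1, or SELinux/AppArmor policy; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: heuristic only. Looks at the "other" permission bits and
# ignores group membership, ACLs and SELinux/AppArmor policy.

# world_can_traverse DIR: succeed if DIR and every ancestor grant o+x.
world_can_traverse() {
    d=$(cd -- "$1" 2>/dev/null && pwd -P) || return 1   # absolute, no symlinks
    while :; do
        mode=$(ls -ld -- "$d" 2>/dev/null | cut -c10)   # "other" execute slot
        case $mode in
            x|t) ;;             # 't' is sticky plus o+x, as on /tmp
            *)   return 1 ;;    # '-' or 'T': other users cannot enter
        esac
        [ "$d" = / ] && return 0
        d=$(dirname -- "$d")
    done
}

# world_can_read FILE: o+r on FILE and o+x on its whole directory chain.
world_can_read() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c8)" = r ] || return 1
    world_can_traverse "$(dirname -- "$1")"
}

# pick_scan_dir: print $TMPDIR when other users can reach it, else /tmp.
pick_scan_dir() {
    dir=${TMPDIR:-/tmp}
    if world_can_traverse "$dir"; then
        printf '%s\n' "$dir"
    else
        printf '%s\n' /tmp
    fi
}

# Usage in a scan wrapper (hypothetical):
#   TEMPFILE=$(mktemp "$(pick_scan_dir)/kmail.XXXXXX") || exit 1
```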