Description of problem: Security Warning: World Writable files found : - /var/spool/spamassassin - /var/spool/spamassassin/auto-whitelist Version-Release number of selected component (if applicable): Current version 3.4.0 Spamassassin vr. 3.4 doesn't provide file auto-whitelist Fedora doesn't even install this file. Maybe we can obsolete it too. Reproducible: Steps to Reproduce:
CC: (none) => thomasAssignee: bugsquad => remiWhiteboard: (none) => mga4 too
You got the wrong Remmy ;-) Assigning to Remco (he's not overly available as of late though, so I'd say feel free to fix the issue if you know how).
Assignee: remi => r+mageia
Status: NEW => ASSIGNED
It looks like a lot of folks are making changes to this package. But I will try in cauldron first. This is used on servers, so we cannot break it.
@Thomas, Thanks for the report. Use of these file permissions has been in the package since Mandriva 2007 (See https://qa.mandriva.com/show_bug.cgi?id=27424). That said, I don't think auto whitelisting is being used by default at all anymore in spamassassin. If one were to use auto whitelisting, I still think per user settings would be better than the global ones we have configured now. As such, I am going to update the package accordingly and take these files out completely.
Assignee: r+mageia => remco
Remco, I see you made the changes in cauldron. Are you going to make them in mga4 as well?
Ping
I guess this is fixed in mga4: $ rpm -ql spamassassin doesn't show the file anymore
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED