Return-Path: Received: from [207.154.33.2] (HELO bostonmacs.com) by mail.tffenterprises.com (CommuniGate Pro SMTP 5.4.6) with ESMTP id 15566548 for cgpsa-discuss@mail.tffenterprises.com; Thu, 18 Oct 2012 06:18:51 -0700 Received-SPF: none receiver=mail.tffenterprises.com; client-ip=207.154.33.2; envelope-from=john@techsuperpowers.com Received: from dummy.name; Thu, 18 Oct 2012 09:18:26 -0400 Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Apple Message framework v1283) Subject: Re: [CGPSA] sh: su: command not found - in cgpsa.err From: John DeYoung In-Reply-To: Date: Thu, 18 Oct 2012 09:18:25 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: <3313DA0E-8995-4CBF-9592-C16500CB8AFF@techsuperpowers.com> References: To: "CGPSA Discussion List" X-Mailer: Apple Mail (2.1283) hi again everybody - just a quick summary, for those who weren't able to sleep at night not = knowing if we'd gotten a handle on our apparent su attempts. a real = nail-biter, i know. anyway, the best i was able to work out was that the su attempts were = definitely related to either cgpsa or spamassassin. i ran a quick diff = on our cgpsa install vs. a fresh download and found nothing unexpected = there, so i figured it must be further up the line. i ultimately reinstalled spamassassin, and the messages stopped. i = don't love that, but i do like that we're now definitely clean. =20 thanks, -john. On Oct 16, 2012, at 12:50 AM, Daniel M. Zimmerman wrote: >=20 >=20 > --On 15 October 2012 15:36:19 -0400 John DeYoung = wrote: >=20 >> hi everyone - >>=20 >> i don't check it very often, but today i watched the entries in = cgpsa.err >> fly by for a bit (i redirect stdout). as i watched, several lines = went >> by saying "sh: su: command not found" - which naturally got my = attention. >=20 > Understandable. >=20 >> the messages are ongoing, but have a clear beginning point in the >> cgpsa.err file. there's no date/time entry associated with anything = in >> that file, so i can't pinpoint when it started, but it's clearly new. >>=20 >> soo=85i'm at a loss as to where i should even look to find what part = of >> the equation might be looking for root - does anyone have any ideas = where >> i might start? i can't come up with any legitimate reason for this = to be >> happening, obviously, so i'd like to get to the bottom of it. >=20 > Well, cgpsa as shipped definitely does not execute any shell commands, = never mind an "su"; it does spawn additional perl processes if you're = running it multithreaded, but that's done with fork(). >=20 > It sounds to me like maybe your copy of cgpsa has been altered in some = way. Either that, or some other process is also dumping logs to = cgpsa.err for some reason. >=20 > -Dan >=20 > ------------------------------------------------------------------ > Daniel M. Zimmerman TFF Enterprises > 1900 Commerce St. Box 358426 http://www.tffenterprises.com/~dmz/ > Tacoma, WA 98402 USA dmz@tffenterprises.com >=20 > ----- > This message is from the CGPSA Mailing List. > To unsubscribe, E-mail to: = . --=20 John DeYoung Tech Superpowers, Inc.