Version 3, spamassassin, vipul's razor, exim

Nick Phillips nwp at LEMON-COMPUTING.COM
Mon Jan 14 22:23:45 GMT 2002


On Mon, Jan 14, 2002 at 11:41:00AM -0600, Michael Chaney wrote:
> Anyone else using the above combination?  Vipul's Razor isn't
> taint-proof, and since mailscanner is running setuid, taint checking is
> implied.

Ugh! Only implied - should be explicit... I must have forgotten to add
that (had enough fun with taint checking when I first added the UID-setting).

>  So I'm seeing this for every email:
>
> razor check skipped: Bad file descriptor Insecure dependency in connect
> while running with -T switch at
> /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, <LIST> line 2.
>
> If nobody else has dealt with this then I'll fix it myself and send a
> patch to Vipul.  Just don't want to duplicate others' work if I don't
> have to.

If I were you I'd do more than just fix it; I'd check over it with a fine
toothcomb.

Chances are, if it can't run with -T as is then at least somewhere there'll
be a dodgy assumption or two.


Cheers,


Nick
--
Nick Phillips -- nwp at lemon-computing.com
You are capable of planning your future.



More information about the MailScanner mailing list