Version 3, spamassassin, vipul's razor, exim
Nick Phillips
nwp at LEMON-COMPUTING.COM
Mon Jan 14 22:23:45 GMT 2002
On Mon, Jan 14, 2002 at 11:41:00AM -0600, Michael Chaney wrote:
> Anyone else using the above combination? Vipul's Razor isn't
> taint-proof, and since mailscanner is running setuid, taint checking is
> implied.
Ugh! Only implied - should be explicit... I must have forgotten to add
that (had enough fun with taint checking when I first added the UID-setting).
> So I'm seeing this for every email:
>
> razor check skipped: Bad file descriptor Insecure dependency in connect
> while running with -T switch at
> /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, <LIST> line 2.
>
> If nobody else has dealt with this then I'll fix it myself and send a
> patch to Vipul. Just don't want to duplicate others' work if I don't
> have to.
If I were you I'd do more than just fix it; I'd check over it with a fine
toothcomb.
Chances are, if it can't run with -T as is then at least somewhere there'll
be a dodgy assumption or two.
Cheers,
Nick
--
Nick Phillips -- nwp at lemon-computing.com
You are capable of planning your future.
More information about the MailScanner
mailing list