Version 3, spamassassin, vipul's razor, exim

Michael Chaney mdchaney at MICHAELCHANEY.COM
Mon Jan 14 23:07:13 GMT 2002


On Mon, Jan 14, 2002 at 10:23:45PM +0000, Nick Phillips wrote:
> On Mon, Jan 14, 2002 at 11:41:00AM -0600, Michael Chaney wrote:
> > Anyone else using the above combination?  Vipul's Razor isn't
> > taint-proof, and since mailscanner is running setuid, taint checking is
> > implied.
>
> Ugh! Only implied - should be explicit... I must have forgotten to add
> that (had enough fun with taint checking when I first added the UID-setting).
>
> >  So I'm seeing this for every email:
> >
> > razor check skipped: Bad file descriptor Insecure dependency in connect
> > while running with -T switch at
> > /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, <LIST> line 2.
> >
> > If nobody else has dealt with this then I'll fix it myself and send a
> > patch to Vipul.  Just don't want to duplicate others' work if I don't
> > have to.
>
> If I were you I'd do more than just fix it; I'd check over it with a fine
> toothcomb.
>
> Chances are, if it can't run with -T as is then at least somewhere there'll
> be a dodgy assumption or two.

Actually, it was easy to find and fix.  The code reads a list of servers
from a file, and that was the problem.  I untainted them before the
connect call that was dying above and it works like a charm.  Now I have
to determine why mailscanner died after 999 messages.

Michael
--
Michael Darrin Chaney
mdchaney at michaelchaney.com
http://www.michaelchaney.com/
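
The fix described in this message, untainting server names read from a file before the `connect` call, can be sketched as follows. This is an added example, not Michael's patch and not code from Vipul's Razor; the port number, the sample server entries and the `untaint_host` helper are assumptions made for illustration. It untaints only through a strict validating capture, which is the kind of check Nick's "fine toothcomb" remark asks for, rather than a catch-all `/(.*)/`.

```perl
#!/usr/bin/perl -T
# Added example: validate and untaint server names read from a file
# before they reach connect(). Not code from Razor or MailScanner.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use IO::Socket::INET;

my $PORT  = 2703;    # placeholder port, an assumption for this example
my $LABEL = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

# Hypothetical helper: returns an untainted host string, or undef if the
# entry is not a plausible IPv4 address or DNS name. Only regex captures
# are returned, so the result is untainted *because* it was validated.
sub untaint_host {
    my ($entry) = @_;
    $entry =~ s/^\s+|\s+$//g;
    return if $entry eq '' || length($entry) > 253;
    if ($entry =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/) {
        return if grep { $_ > 255 } $1, $2, $3, $4;
        return "$1.$2.$3.$4";
    }
    return $1 if $entry =~ /\A((?:$LABEL\.)*$LABEL)\z/;
    return;
}

my $do_connect = @ARGV && $ARGV[0] eq '--connect';

# Everything read from a filehandle is tainted under -T; the DATA section
# stands in for the server list file (entries below are constructed).
while (my $line = <DATA>) {
    chomp $line;
    next if $line =~ /^\s*(?:#|$)/;          # skip comments and blanks
    my $host = untaint_host($line);
    if (!defined $host) {
        print "reject  '$line'\n";
        next;
    }
    printf "accept  %-22s tainted before=%d after=%d\n",
        $host, (tainted($line) ? 1 : 0), (tainted($host) ? 1 : 0);
    next unless $do_connect;
    # Passing $line here instead of $host is what raises
    # "Insecure dependency in connect while running with -T switch".
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $PORT,
                                     Proto => 'tcp', Timeout => 5);
    print $sock ? "  connected\n" : "  connect failed: $@\n";
}
__DATA__
# constructed sample server list
razor.example.net
192.0.2.10
300.1.1.1
host_with_underscore!.example
```

Run it as `perl -T script.pl`, since Perl refuses a `-T` that appears only on the `#!` line; add `--connect` to attempt the sockets as well.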


