Version 3, spamassassin, vipul's razor, exim
Michael Chaney
mdchaney at MICHAELCHANEY.COM
Mon Jan 14 23:07:13 GMT 2002
On Mon, Jan 14, 2002 at 10:23:45PM +0000, Nick Phillips wrote:
> On Mon, Jan 14, 2002 at 11:41:00AM -0600, Michael Chaney wrote:
> > Anyone else using the above combination? Vipul's Razor isn't
> > taint-proof, and since mailscanner is running setuid, taint checking is
> > implied.
>
> Ugh! Only implied - should be explicit... I must have forgotten to add
> that (had enough fun with taint checking when I first added the UID-setting).
>
> > So I'm seeing this for every email:
> >
> > razor check skipped: Bad file descriptor Insecure dependency in connect
> > while running with -T switch at
> > /usr/lib/perl5/5.6.1/i386-freebsd/IO/Socket.pm line 108, <LIST> line 2.
> >
> > If nobody else has dealt with this then I'll fix it myself and send a
> > patch to Vipul. Just don't want to duplicate others' work if I don't
> > have to.
>
> If I were you I'd do more than just fix it; I'd check over it with a fine
> toothcomb.
>
> Chances are, if it can't run with -T as is then at least somewhere there'll
> be a dodgy assumption or two.

Actually, it was easy to find and fix. The code reads a list of servers
from a file, and that was the problem. I untainted them before the
connect call that was dying above and it works like a charm. Now I have
to determine why mailscanner died after 999 messages.
Michael
--
Michael Darrin Chaney
mdchaney at michaelchaney.com
http://www.michaelchaney.com/
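
An added illustration of the fix described in the reply above; it is not Michael Chaney's patch and not code from Vipul's Razor. It shows server names read from a list being validated and untainted before they reach a connect call under -T. The sample list, the port number and the name untaint_host are assumptions made for this example.

```perl
# Run as: perl -T untaint_hosts.pl [--connect]
use strict;
use warnings;
use IO::Socket::INET;
use Scalar::Util qw(tainted);

my $PORT = 2703;    # assumed port for illustration, not taken from the post

# Constructed sample server list; the last two entries are malformed on purpose.
my $sample = <<'EOF';
razor.example.net
192.0.2.10
not a hostname!
-leading-hyphen.example.org
EOF

# Return a validated, untainted copy of a host entry, or undef if it is not
# a plain hostname or dotted quad. Only a regex capture clears taint, so the
# pattern spells out exactly what is allowed instead of capturing (.*).
sub untaint_host {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/^\s+|\s+$//g;                 # strip newline and stray blanks
    return undef if length($raw) > 253;     # longest legal DNS name
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $raw =~ /\A($label(?:\.$label)*)\z/ ? $1 : undef;
}

# An in-memory handle stands in for the server-list file.
open my $fh, '<', \$sample or die "cannot open sample list: $!";
my @servers;
while (my $line = <$fh>) {
    my $host = untaint_host($line);
    if (defined $host) {
        printf "accept %-20s tainted=%d\n", $host, tainted($host) ? 1 : 0;
        push @servers, $host;
    } else {
        $line =~ s/\s+\z//;
        print "reject '$line'\n";           # rejected entries never reach connect
    }
}
close $fh;

# Off by default so the script runs offline.
if (@ARGV && $ARGV[0] eq '--connect') {
    for my $host (@servers) {
        my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $PORT,
                                         Proto => 'tcp', Timeout => 5);
        print $sock ? "connected to $host\n" : "no connection to $host: $@\n";
        close $sock if $sock;
    }
}
```

Passing the raw line to IO::Socket::INET instead of the captured value is what produces the "Insecure dependency in connect" error quoted in the thread.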