4.51.4: security concerns, TNEF question

Jeff A. Earickson jaearick at colby.edu
Wed Mar 1 16:37:55 GMT 2006


Whilst staring at the new logging additions to TNEF.pm, I
noticed the lines:

system("rm -rf /tmp/tnef.$$");

Harrumph.  I would recommend replacing this with an unlink()
call instead (use -U for directory, or unlink() and rmdir()). 
It would save the cost of a fork() and exec() to create a subshell. 
Security-wise, I also get nervous when I do not see a full pathname 
for "rm" in code that runs as root.

Likewise, I spotted similar relative-path system() calls in

f-prot-autoupdate  (wget, cp, unzip)
rav-autoupdate  (chmod)
vexira-autoupdate (wget)

Maybe you would want to replace the "system($rm..." calls elsewhere
(e.g., sophos-autoupdate) with similar unlink() calls?

On another note, I see the syslogging for "added TNEF contents"
in TNEF.pm, but no "replaced TNEF contents" anywhere.  Is there
syslogging of a "replace TNEF" event?

Jeff Earickson
Colby College
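
Added example, not part of the original post and not MailScanner's own code: one way to do the cleanup suggested above with unlink() and rmdir() instead of system("rm -rf ..."), plus list-form system() with an absolute path for the external tools. The helper names remove_flat_dir and run_tool, the scratch directory and the /bin/ls location are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Remove a flat scratch directory with unlink() + rmdir(), no subshell.
# Returns 1 on success (or if already gone), 0 on any failure.
sub remove_flat_dir {
    my ($dir) = @_;
    lstat($dir) or return 1;                     # nothing there: done
    unless (-d _) {                              # lstat: a symlink is not -d
        warn "not a real directory, leaving alone: $dir\n";
        return 0;
    }
    opendir(my $dh, $dir) or do { warn "opendir $dir: $!\n"; return 0 };
    my $ok = 1;
    for my $entry (readdir $dh) {
        next if $entry eq '.' || $entry eq '..';
        # unlink() without -U will not remove a directory, so nothing recurses.
        unlink("$dir/$entry") or do { warn "unlink $dir/$entry: $!\n"; $ok = 0 };
    }
    closedir $dh;
    return 0 unless $ok;
    rmdir($dir) or do { warn "rmdir $dir: $!\n"; return 0 };
    return 1;
}

# Run an external tool by absolute path with list-form system(): no /bin/sh,
# no PATH lookup. Returns the wait status (0 on success).
sub run_tool {
    my ($path, @args) = @_;
    die "refusing relative command path: $path\n" unless $path =~ m{^/};
    local $ENV{PATH} = '/usr/bin:/bin';          # fixed PATH for the child
    return system { $path } $path, @args;
}

# Constructed demo: a scratch directory standing in for /tmp/tnef.$$
my $scratch = tempdir('tnef-demo.XXXXXX', TMPDIR => 1);
open(my $fh, '>', "$scratch/winmail.dat") or die "create: $!";
close $fh;
run_tool('/bin/ls', '-l', $scratch) == 0 or warn "ls failed\n";  # /bin/ls assumed
print remove_flat_dir($scratch) ? "removed\n" : "not removed\n";
```

The lstat() test is a sanity check on what sits at that name, not a race-free guarantee; the directory's contents are assumed to be plain files only.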
