4.51.4: security concerns, TNEF question
Jeff A. Earickson
jaearick at colby.edu
Wed Mar 1 16:37:55 GMT 2006
Whilst staring at the new logging additions to TNEF.pm, I
noticed the lines:
system("rm -rf /tmp/tnef.$$");
Harrumph. I would recommend replacing this with an unlink()
call instead (use -U for directory, or unlink() and rmdir()).
It would save the cost of a fork() and exec() to create a subshell.
Security-wise, I also get nervous when I do not see a full pathname
for "rm" in code that runs as root.
Likewise, I spotted similar relative-path system() calls in
f-prot-autoupdate (wget, cp, unzip)
Maybe you would want to replace the "system($rm..." calls elsewhere
(eg, sophos-autoupdate) with similar unlink() calls?
On another note, I see the syslogging for "added TNEF contents"
in TNEF.pm, but no "replaced TNEF contents" anywhere. Is there
syslogging of a "replace TNEF" event?
More information about the MailScanner