4.51.4: security concerns, TNEF question

Joshua Hirsh joshua.hirsh at partnersolutions.ca
Wed Mar 1 18:06:55 GMT 2006


> Harrumph.  I would recommend replacing this with an unlink()
> call instead (use -U for directory, or unlink() and rmdir()). 
> It would save the cost of a fork() and exec() to create a subshell. 
> Security-wise, I also get nervous when I do not see a full pathname 
> for "rm" in code that runs as root.


Hi Jeff,

 Although I do agree with you over the use of unlink compared to forking to rm, the PATH is already sanitized by MailScanner. In the main program, you'll find this line:

	$ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin";

 So the path to rm is indeed sanitized. I'm not sure if this is being done for the AV helper scripts though.


 Cheers,
-Joshua
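To make the two points in this thread concrete, here is an added example (mine, not MailScanner code, and not meant to be a drop-in for any of its helpers): the tree removal is done with unlink()/rmdir() only, so there is no fork(), no exec() and no PATH lookup at all, and the PATH assignment quoted above is repeated so that anything which must still spawn "rm" resolves it from the sanitized list rather than trusting the shell. The scratch directory and files are constructed on the fly; function names are my own.

```perl
#!/usr/bin/perl
# Added example, not part of MailScanner. Shows (1) deleting a work
# directory with unlink()/rmdir() instead of forking "rm", and (2) the
# PATH sanitization MailScanner's main program does, used to resolve a
# full path for "rm" when a helper script has to exec it anyway.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Same assignment as in MailScanner's main program. Under "perl -T",
# system()/exec() die with "Insecure $ENV{PATH}" until this is done.
$ENV{PATH} = "/sbin:/bin:/usr/sbin:/usr/bin";
# The other environment variables taint mode refuses to exec with.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Recursive delete using only unlink() and rmdir(): no subshell, no PATH.
# Symlinked directories are unlinked as links, never descended into,
# so a planted link inside a work directory cannot redirect the delete.
sub remove_tree {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dh);
    closedir($dh);
    for my $name (@entries) {
        my $path = File::Spec->catfile($dir, $name);
        if (-d $path && !-l $path) {
            remove_tree($path);
        } else {
            unlink($path) or die "unlink $path: $!";
        }
    }
    rmdir($dir) or die "rmdir $dir: $!";
}

# For helpers that still exec "rm": resolve it against the sanitized
# PATH ourselves and hand the full pathname to system(), rather than
# relying on whatever PATH the helper inherited.
sub find_in_path {
    my ($prog) = @_;
    for my $d (split /:/, $ENV{PATH}) {
        my $candidate = File::Spec->catfile($d, $prog);
        return $candidate if -x $candidate;
    }
    die "$prog not found in sanitized PATH\n";
}

# Constructed scratch tree: one file at the top, one in a subdirectory.
my $work = tempdir(CLEANUP => 0);
mkdir "$work/sub" or die "mkdir $work/sub: $!";
for my $f ("$work/a.txt", "$work/sub/b.txt") {
    open(my $fh, '>', $f) or die "open $f: $!";
    print $fh "scratch\n";
    close $fh;
}

remove_tree($work);
print((-e $work) ? "FAILED: $work still exists\n"
                 : "removed $work using unlink()/rmdir() only\n");
print "rm would be run as: ", find_in_path('rm'), "\n";
```

Run it as an ordinary user; it only touches a directory it created under the temp directory. The second half is the fallback for the AV helper scripts mentioned above: if a helper does not set $ENV{PATH} itself, resolving "rm" with find_in_path() and passing that full pathname to system() gives the same guarantee the main program's PATH assignment gives, without depending on the caller's environment.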
