4.51.4: security concerns, TNEF question

Jeff A. Earickson jaearick at colby.edu
Wed Mar 1 18:26:18 GMT 2006


All,
    Good, that makes me feel better security-wise.  Unlink()
would be rippin fast compared to system(), just decrement the
link count in the kernel, done.  No overhead.  A nanosecond
here, a nanosecond there, pretty soon you have a billable hour!

Jeff Earickson
Colby College

On Wed, 1 Mar 2006, Joshua Hirsh wrote:

> Date: Wed, 1 Mar 2006 13:06:55 -0500
> From: Joshua Hirsh <joshua.hirsh at partnersolutions.ca>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: RE: 4.51.4: security concerns, TNEF question
> 
>> Harrumph.  I would recommend replacing this with an unlink()
>> call instead (use -U for directory, or unlink() and rmdir()).
>> It would save the cost of a fork() and exec() to create a subshell.
>> Security-wise, I also get nervous when I do not see a full pathname
>> for "rm" in code that runs as root.
>
>
> Hi Jeff,
>
> Although I do agree with you over the use of unlink compared to forking to rm, the PATH is already sanitized by MailScanner. In the main program, you'll find this line:
>
> 	$ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin";
>
> So the path to rm is indeed sanitized. I'm not sure if this is being done for the AV helper scripts though.
>
>
> Cheers,
> -Joshua


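Added example, not part of the original thread and not MailScanner's own code: the two approaches discussed above, written out in Perl. The helper names, the demo file names and the location of `/bin/rm` are assumptions; the PATH value is the one quoted from the main program.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: delete one file with the unlink() builtin.
# No fork/exec and no shell, so neither PATH nor metacharacters in
# $path can change what gets executed.
sub remove_file {
    my ($path) = @_;
    return 1 if unlink($path) == 1;   # one file removed
    return 1 if $!{ENOENT};           # already gone counts as success
    warn "unlink $path: $!\n";
    return 0;
}

# Hypothetical helper: empty a flat work directory, then rmdir() it.
# lstat() is used so a symlink is removed itself, never followed.
sub remove_flat_dir {
    my ($dir) = @_;
    opendir(my $dh, $dir) or do { warn "opendir $dir: $!\n"; return 0 };
    my @names = grep { $_ ne '.' && $_ ne '..' } readdir($dh);
    closedir($dh);
    for my $name (@names) {
        my $path = "$dir/$name";
        next unless lstat($path);     # vanished since readdir()
        if (-d _) { warn "refusing subdirectory $path\n"; return 0 }
        remove_file($path) or return 0;
    }
    return 1 if rmdir($dir);
    warn "rmdir $dir: $!\n";
    return 0;
}

# Fallback when an external command is unavoidable: absolute path
# (/bin/rm is an assumption about the host), list-form system() so no
# shell parses the arguments, and a scrubbed environment.
sub remove_with_rm {
    my ($path) = @_;
    local %ENV = (PATH => '/sbin:/bin:/usr/sbin:/usr/bin');
    return system('/bin/rm', '-f', '--', $path) == 0;
}

# Constructed demo input: names a shell would misparse are plain data here.
my $dir = tempdir();
for my $name ('report.doc', 'a b; touch x', '-rf') {
    open(my $fh, '>', "$dir/$name") or die "create $dir/$name: $!";
    close($fh);
}
print remove_flat_dir($dir) ? "removed $dir\n" : "failed on $dir\n";
```

The builtin path reports failures through `$!` instead of a child exit status, which makes permission or race errors during cleanup easier to log precisely.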