[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Alex Neuman van der Hans
alex at rtpty.com
Tue Dec 9 14:28:53 GMT 2008
Luke 6:42 (KJV, since I assume it's what most of you chaps might be
familiar with ;) )
"Either how canst thou say to thy brother, Brother, let me pull out
the mote that is in thine eye, when thou thyself beholdest not the
beam that is in thine own eye? Thou hypocrite, cast out first the beam
out of thine own eye, and then shalt thou see clearly to pull out the
mote that is in thy brother's eye."
Also Matthew 7:3 -
" 3And why beholdest thou the mote that is in thy brother's eye, but
considerest not the beam that is in thine own eye?
4Or how wilt thou say to thy brother, Let me pull out the mote out
of thine eye; and, behold, a beam is in thine own eye?
5Thou hypocrite, first cast out the beam out of thine own eye; and
then shalt thou see clearly to cast out the mote out of thy brother's
On Dec 9, 2008, at 8:54 AM, Martin Hepworth wrote:
> the 'other' problem you got is that you're running an ancient version
> of mailscanner (which many debian users do). latest version is
> 4.73.4-2. If you install that ( via the tar.gz generic installer or a
> more upto date debian respository) you may find the issue has already
> been fixed.
More information about the MailScanner