[Simon Walter] Bug#506353: mailscanner: many scripts allow local
users to overwrite arbitrary files, and more, via symlink attacks
MailScanner at ecs.soton.ac.uk
Wed Dec 10 17:21:19 GMT 2008
My current plan is to use a /var/spool/MailScanner/incoming/tmp
directory which is owned by the "Run As User" and "Run As Group" and
only accessible by drwx------ so that MailScanner can write to it and
root can as well. This is already half-implemented as there is a
"Lockfile Dir" setting in MailScanner.conf. I just need to pass that on
the command-line of the -autoupdate scripts so they know where to expect
and put their lockfiles (all the current ones assume Lockfile Dir = /tmp).
After that there are just a few places in TNEF.pm, SA.pm and the
"MailScanner --lint" code which also need to use the Lockfile Dir
directory instead of /tmp.
Any reason why this wouldn't work? I can implement all this in about an
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
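An added example, not part of the original message and not MailScanner code: one way a helper script could validate a private lock directory like the one described above before creating a lockfile in it. The function names, the `owner_uid` parameter and the exclusive-create locking scheme are assumptions made for illustration.

```python
import os
import stat


def open_private_dir(path, owner_uid):
    """Open path as a directory fd; refuse symlinks, wrong owners, group/other access."""
    # O_NOFOLLOW makes the open fail if the final path component is a symlink.
    dfd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    st = os.fstat(dfd)  # check the object actually opened, not the path name
    if st.st_uid != owner_uid or stat.S_IMODE(st.st_mode) & 0o077:
        os.close(dfd)
        raise PermissionError(
            f"{path}: must be owned by uid {owner_uid} with no group/other access")
    return dfd


def take_lock(lock_dir, name, owner_uid=None):
    """Return an fd for a newly created lockfile, or None if the name already exists.

    owner_uid is the uid expected to own lock_dir (assumed here to be the
    "Run As User"); it defaults to the effective uid of the caller.
    """
    if owner_uid is None:
        owner_uid = os.geteuid()
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError("lock name must be a plain file name")
    dfd = open_private_dir(lock_dir, owner_uid)
    try:
        # O_CREAT|O_EXCL fails with EEXIST on any existing entry, including a
        # dangling or planted symlink, so a link target is never written to.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600, dir_fd=dfd)
    except FileExistsError:
        return None
    finally:
        os.close(dfd)
    os.write(fd, b"%d\n" % os.getpid())
    return fd
```

A caller running as root on behalf of the unprivileged account would pass that account's uid as `owner_uid`, so the ownership check still matches the directory.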