[Simon Walter] Bug#506353: mailscanner: many scripts allow local
users to overwrite arbitrary files, and more, via symlink attacks
Scott Silva
ssilva at sgvwater.com
Wed Dec 10 19:47:40 GMT 2008
on 12-10-2008 9:21 AM Julian Field spake the following:
> My current plan is to use a /var/spool/MailScanner/incoming/tmp
> directory which is owned by the "Run As User" and "Run As Group" and
> only accessible by drwx------ so that MailScanner can write to it and
> root can as well. This is already half-implemented as there is a
> "Lockfile Dir" setting in MailScanner.conf. I just need to pass that on
> the command-line of the -autoupdate scripts so they know where to expect
> and put their lockfiles (all the current ones assume Lockfile Dir = /tmp).
>
> After that there's just a few places in TNEF.pm, SA.pm and the
> "MailScanner --lint" code which also need to use the Lockfile Dir
> directory instead of /tmp.
>
> Any reason why this wouldn't work? I can implement all this in about an
> hour's work.
>
> Jules
>
Is there any way that a user could set an option in mailscanner.conf that
would break this?
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081210/672c3a0e/signature.bin
More information about the MailScanner
mailing list