[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Scott Silva ssilva at sgvwater.com
Wed Dec 10 19:47:40 GMT 2008

on 12-10-2008 9:21 AM Julian Field spake the following:
> My current plan is to use a /var/spool/MailScanner/incoming/tmp
> directory which is owned by the "Run As User" and "Run As Group" and
> only accessible by drwx------ so that MailScanner can write to it and
> root can as well. This is already half-implemented as there is a
> "Lockfile Dir" setting in MailScanner.conf. I just need to pass that on
> the command-line of the -autoupdate scripts so they know where to expect
> and put their lockfiles (all the current ones assume Lockfile Dir = /tmp).
> After that there's just a few places in TNEF.pm, SA.pm and the
> "MailScanner --lint" code which also need to use the Lockfile Dir
> directory instead of /tmp.
> Any reason why this wouldn't work? I can implement all this in about an
> hour's work.
> Jules
Is there any way that a user could set an option in mailscanner.conf that
would break this?

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081210/672c3a0e/signature.bin

More information about the MailScanner mailing list