[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Scott Silva ssilva at sgvwater.com
Wed Dec 10 19:57:42 GMT 2008

on 12-10-2008 11:47 AM Scott Silva spake the following:
> on 12-10-2008 9:21 AM Julian Field spake the following:
>> My current plan is to use a /var/spool/MailScanner/incoming/tmp
>> directory which is owned by the "Run As User" and "Run As Group" and
>> only accessible by drwx------ so that MailScanner can write to it and
>> root can as well. This is already half-implemented as there is a
>> "Lockfile Dir" setting in MailScanner.conf. I just need to pass that on
>> the command-line of the -autoupdate scripts so they know where to expect
>> and put their lockfiles (all the current ones assume Lockfile Dir = /tmp).
>> After that there's just a few places in TNEF.pm, SA.pm and the
>> "MailScanner --lint" code which also need to use the Lockfile Dir
>> directory instead of /tmp.
>> Any reason why this wouldn't work? I can implement all this in about an
>> hour's work.
>> Jules
> Is there any way that a user could set an option in mailscanner.conf that
> would break this?
And I mean a proper option like queue file location, not a bad one.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081210/40fda5eb/signature.bin

More information about the MailScanner mailing list