[Simon Walter] Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Mark Sapiro
mark at msapiro.net
Thu Dec 11 17:33:03 GMT 2008
Kai Schaetzl wrote:
>Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:
>
>> Please let me know what you think works and what still doesn't work, if
>> anything.
>
>So far so good. Got this on first restart:
>
>Dec 11 17:31:10 d01 MailScanner[11441]: Could not test file ownership
>abilities on
>/var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441, please
>delete the file
>
>file doesn't exist, though. Directory contains lockfiles for all the
>virusscan wrappers, no matter if in use or not. Is this intended?
>
>Everything seems to be fine.
Same here. (except for the pid in the file name)
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list