[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Mark Sapiro mark at msapiro.net
Thu Dec 11 17:33:03 GMT 2008

Kai Schaetzl wrote:

>Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:
>> Please let me know what you think works and what still doesn't work, if 
>> anything.
>So far so good. Got this on first restart:
>Dec 11 17:31:10 d01 MailScanner[11441]: Could not test file ownership 
>abilities on 
>/var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441, please 
>delete the file
>file doesn't exist, though. Directory contains lockfiles for all the 
>virusscan wrappers, no matter if in use or not. Is this intended?
>Everything seems to be fine. 

Same here. (except for the pid in the file name)

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list