[Simon Walter] Bug#506353: mailscanner: many scripts allow local
users to overwrite arbitrary files, and more, via symlink attacks
MailScanner at ecs.soton.ac.uk
Thu Dec 11 19:59:20 GMT 2008
On 11/12/08 16:43, Kai Schaetzl wrote:
> Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:
>> Please let me know what you think works and what still doesn't work, if
> So far so good. Got this on first restart:
> Dec 11 17:31:10 d01 MailScanner: Could not test file ownership
> abilities on
> /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441, please
> delete the file
> file doesn't exist, though. Directory contains lockfiles for all the
> virusscan wrappers, no matter if in use or not. Is this intended?
> Everything seems to be fine.
> How to test? Run /etc/cron.hourly/update_virus_scanners ?
If it complains about there not being a MailScannerCreateLocks or
anything in /usr/lib/MailScanner/mailscanner_create_locks or the
/usr/sbin/mailscanner_create_locks script not existing, please do
ls -ld /usr/sbin/mail* /usr/sbin/Mail*
> I also noticed a somewhat strange behavior of upgrade_MailScanner_conf. It
> Added new: Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif
> although this was already present in MailScanner.conf (from 4.74.4).
It should have said "Added new: Lockfile Dir =
/var/spool/MailScanner/incoming/Locks" as well. That's to be expected, I
needed to overwrite people's settings for those two. People never read
instructions, so it's pointless just asking people to change it.
> One request for mailscanner*.rpm: could you add a check that stops
> creating the /etc/spamassassin/mailscanner.conf symlink in case there's
> already a symlink or file? I tried touching an empty file there, but the
> rpm just wiped it away.
I'll take a look.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner