[Simon Walter] Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
maillists at conactive.com
Thu Dec 11 21:31:21 GMT 2008
Reply-To: mailscanner at lists.mailscanner.info
Julian Field wrote on Thu, 11 Dec 2008 20:28:43 +0000:
> I have just released 4.74.6-2
-rw-r--r-- 1 root root 4868907 Dec 11 15:02 MailScanner-4.74.6-
-rw-r--r-- 1 root root 4868804 Dec 11 21:26 MailScanner-4.74.6-
I see now that the "Could not test file ownership abilities" occurred more
often than just on first restart. It didn't occur with this restart.
Apart from that it seems to be working fine, with or without that error.
I notice that both, MailScanner and the update wrapper, are writing to the
lockfile (in this case clamavBusy.lock). Won't this create any problem?
Or, as you seem to be writing line by line the current lock status, won't
this slow down performance a bit? (write that line to it, search/find it,
delete it ... for each batch).
Wait, it's still happening, it just took some time to get in the log:
Dec 11 22:01:59 d01 MailScanner: Could not test file ownership
delete the file
Somehow it doesn't seem to be able to confirm that the file is gone (it is
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner