[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Kai Schaetzl maillists at conactive.com
Thu Dec 11 21:31:21 GMT 2008



Julian Field wrote on Thu, 11 Dec 2008 20:28:43 +0000:

> I have just released 4.74.6-2

-rw-r--r-- 1 root root 4868907 Dec 11 15:02 MailScanner-4.74.6-1.rpm.tar.gz
-rw-r--r-- 1 root root 4868804 Dec 11 21:26 MailScanner-4.74.6-2.rpm.tar.gz

I see now that the "Could not test file ownership abilities" occurred more 
often than just on first restart. It didn't occur with this restart.
Apart from that it seems to be working fine, with or without that error.
I notice that both MailScanner and the update wrapper are writing to the 
lockfile (in this case clamavBusy.lock). Won't this create any problem? 
Or, as you seem to be writing line by line the current lock status, won't 
this slow down performance a bit? (write that line to it, search/find it, 
delete it ... for each batch).

Wait, it's still happening, it just took some time to get in the log:
Dec 11 22:01:59 d01 MailScanner[15174]: Could not test file ownership abilities on /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.15174, please delete the file

Somehow it doesn't seem to be able to confirm that the file is gone (it is 
gone!).

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




