[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Julian Field MailScanner at ecs.soton.ac.uk
Fri Dec 12 09:13:08 GMT 2008



On 11/12/08 21:05, Mark Sapiro wrote:
> Julian Field wrote:
>    
>> On 11/12/08 16:43, Kai Schaetzl wrote:
>>      
>>> Julian Field wrote on Thu, 11 Dec 2008 14:16:06 +0000:
>>>
>>>
>>>        
>>>> Please let me know what you think works and what still doesn't work, if
>>>> anything.
>>>>
>>>>          
>>> So far so good. Got this on first restart:
>>>
>>> Dec 11 17:31:10 d01 MailScanner[11441]: Could not test file ownership
>>> abilities on
>>> /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.11441, please
>>> delete the file
>>>
>>> File doesn't exist, though. Directory contains lockfiles for all the
>>> virusscan wrappers, no matter if in use or not. Is this intended?
>>>
>>> Everything seems to be fine.
>>> How to test? Run /etc/cron.hourly/update_virus_scanners ?
>>>
>>>        
>> Do
>> MailScanner --lint
>> and
>> /usr/sbin/update_virus_scanners
>>
>> If it complains about there not being a MailScannerCreateLocks or
>> anything in /usr/lib/MailScanner/mailscanner_create_locks or the
>> /usr/sbin/mailscanner_create_locks script not existing, please do
>> ls -ld /usr/sbin/mail* /usr/sbin/Mail*
>>      
>
>
> MailScanner --lint looks good.
>
> /usr/sbin/update_virus_scanners produces no error.
>
> Everything seems to be working normally, but each time a child starts,
> a message like the following is logged:
>
> Dec 11 11:24:07 sbh16 MailScanner[23654]: Could not test file ownership
> abilities on
> /var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.23654,
> please delete the file
>    
Please try the attached /usr/lib/MailScanner/MailScanner/WorkArea.pm 
file and restart MailScanner. That should have fixed that problem.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-------------- next part --------------
A non-text attachment was scrubbed...
Name: WorkArea.pm.zip
Type: application/zip
Size: 3745 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081212/6aa8a2f1/WorkArea.pm.zip

