[Simon Walter] Bug#506353: mailscanner: many scripts allow
local users to overwrite arbitrary files, and more,
via symlink attacks
Mark Sapiro
mark at msapiro.net
Fri Dec 12 16:14:31 GMT 2008
On Fri, Dec 12, 2008 at 09:13:08AM +0000, Julian Field wrote:
>
>
> On 11/12/08 21:05, Mark Sapiro wrote:
> >
> >Everything seems to be working normally, but each time a child starts,
> >a message like the following is logged:
> >
> >Dec 11 11:24:07 sbh16 MailScanner[23654]: Could not test file ownership
> >abilities on
> >/var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.23654,
> >please delete the file
> >
> Please try the attached /usr/lib/MailScanner/MailScanner/WorkArea.pm
> file and restart MailScanner. That should have fixed that problem.
>
I'm a little slow. By the time I got to this it was 4.74.7-3, but I've
installed that and the spurious log message is gone and everything
else seems fine.
Thank you.
--
Mark Sapiro mark at msapiro net The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list