[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Mark Sapiro mark at msapiro.net
Fri Dec 12 16:14:31 GMT 2008

On Fri, Dec 12, 2008 at 09:13:08AM +0000, Julian Field wrote:
> On 11/12/08 21:05, Mark Sapiro wrote:
> >
> >Everything seems to be working normally, but each time a child starts,
> >a message like the following is logged:
> >
> >Dec 11 11:24:07 sbh16 MailScanner[23654]: Could not test file ownership
> >abilities on
> >/var/spool/MailScanner/incoming/Locks/MailScanner.ownertest.23654,
> >please delete the file
> >   
> Please try the attached /usr/lib/MailScanner/MailScanner/WorkArea.pm 
> file and restart MailScanner. That should have fixed that problem.

I'm a little slow. By the time I got to this it was 4.74.7-3, but I've
installed that and the spurious log message is gone and everything
else seems fine.

Thank you.

Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list