ClamAv 0.96 is out
Kai Schaetzl
maillists at conactive.com
Tue Apr 13 16:31:19 IST 2010
Holger Nöfer wrote on Mon, 12 Apr 2010 21:34:52 +0200:
Thanks for searching for it ;-)
> my $MessageDir = tempdir( 'MSlintXXXXXX', CLEANUP => 1);
> chmod 0770, $MessageDir;
>
> Can somebody please check if I'm right and I did not create
> a "security hole".
That looks like the right location. I don't see a security problem with
this. There should be an option to tell the tempdir function a umask,
though, I guess.
This line gets a umask, but I think it's for the file (written with
WriteHeaderFile) and not for tempdir.
my $headerfileumask = $global::MS->{work}->{fileumask};
if it is used by both, that could explain the problem. I don't know what
umask it gets, but it's probably without execution permissions at all as
it is intended for a file.
Oh, I applied the change and I'm still getting the error after a restart.
You must have set some other "higher" permission differently, too.
Anyway, as it happens only in lint I don't mind for now.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list