More taint mode problems (please help)

mog lists at elasticmind.net
Tue Jan 5 12:18:59 GMT 2010


On 04/01/2010 15:59, Mike Jakubik wrote:
> Hello,
>
> There seems to be more taint mode related problems in the latest version
> of MS. As of now, most of emails with attachments are unable to process
> and I'm at a loss on how to fix this as i am not a perl programmer.
>
> When running in debug mode the following error is shown.
>
> This is perl, v5.8.9 built for amd64-freebsd
>
> ---
> Building a message batch to scan...
> Have a batch of 1 message.
> Insecure dependency in open while running with -T switch at
> /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185.
> /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
> ---
>
> I tried to manually hack File.pm and added a function to untaint the file
> open function. This worked, however it triggered another taint mode error
> inside of MS itself.
>
> ---
> Insecure dependency in chown while running with -T switch at
> /usr/local/lib/MailScanner/MailScanner/Message.pm line 2505.
> ---
>
> If someone could help i would greatly appreciate it, I'm sure other
> FreeBSD users will be experiencing this too.
>
> Thanks.
>    


Hi,

Try upgrading perl to 'perl-5.10.1' and make sure you are using at least 
MailScanner version 'MailScanner-4.79.4' (both from ports). You should 
find that the taint mode problem goes away.

Regards,
mog


More information about the MailScanner mailing list