More taint mode problems (please help)
lists at elasticmind.net
Tue Jan 5 12:18:59 GMT 2010
On 04/01/2010 15:59, Mike Jakubik wrote:
> There seems to be more taint mode related problems in the latest version
> of MS. As of now, most of emails with attachments are unable to process
> and I'm at a loss on how to fix this as i am not a perl programmer.
> When running in debug mode the following error is shown.
> This is perl, v5.8.9 built for amd64-freebsd
> Building a message batch to scan...
> Have a batch of 1 message.
> Insecure dependency in open while running with -T switch at
> /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185.
> /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
> I tried to manually hack File.pm and added a function to untaint the file
> open function. This worked, however it triggered another taint mode error
> inside of MS itself.
> Insecure dependency in chown while running with -T switch at
> /usr/local/lib/MailScanner/MailScanner/Message.pm line 2505.
> If someone could help i would greatly appreciate it, I'm sure other
> FreeBSD users will be experiencing this too.
Try upgrading perl to 'perl-5.10.1' and make sure you are using at least
MailScanner version 'MailScanner-4.79.4' (both from ports). You should
find that the taint mode problem goes away.
More information about the MailScanner