More taint mode problems (please help)
MailScanner at ecs.soton.ac.uk
Fri Jan 15 09:24:32 GMT 2010
On 14/01/2010 17:24, Mike Jakubik wrote:
> On Wed, January 13, 2010 2:36 pm, Jules Field wrote:
>> The File.pm module is used for opening files, not the "file" command. It
>> could be loads of places.
>> What TNEF-related options are you using, and can you send me a message
>> that triggers it? Put the raw message queue files up on a website
>> somewhere and mail me the URL to the address in the headers.
> I believe the problem here is that the variable containing the filename
> which is passed to File.pm is tainted.
Well yes, but which call to File.pm? I use it all over the place!
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner