Taint problems

Alessandro Bianchi alex at skynet-srl.com
Wed Apr 20 11:48:28 IST 2011


Hi folks

I discovered that the problems that forced me to run MS as root were 
caused by taint mode errors.

Something has happened on my Fedora 14 Systems so that MS spits a load 
of taint errors and dies.

Here are some of them:

/usr/lib/MailScanner/MailScanner/Lock.pm line 358
/usr/lib/MailScanner/MailScanner/Message.pm line 538
Insecure dependency in chown while running with -T switch at 
/usr/lib/MailScanner/MailScanner/Message.pm line 1381.
/usr/lib/MailScanner/MailScanner/Message.pm line 2418

/usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 173
/usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 176.
/usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 379
/usr/lib/MailScanner/MailScanner/Quarantine.pm line 189


Can't call method "print" on an undefined value at 
/usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 752.
Can't call method "CombineReports" on unblessed reference at 
/usr/lib/MailScanner/MailScanner/MessageBatch.pm line 736.

Insecure dependency in open while running with -T switch at 
/usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in mkdir while running with -T switch at 
/usr/lib/MailScanner/MailScanner/TNEF.pm line 233.
Insecure dependency in mkdir while running with -T switch at 
/usr/lib/MailScanner/MailScanner/TNEF.pm line 236.
Insecure dependency in open while running with -T switch at 
/usr/share/perl5/File/Copy.pm line 246.

The symptom is MS starting and restarting over and over again in the logs.

I began to follow the errors using the --debug switch, and fixed some of 
them, until I came to errors in files that appear to be system libraries 
(e.g. /usr/share/perl5/File/Copy.pm).

Furthermore, running as root prevented Postfix from picking up files from 
the incoming directory, and that led me to a non-functional mail 
system: so I had to go back to running MS as the postfix user and avoiding 
fatal taint errors.

Till now, after several hours, the only way I found to run MS is 
adding the -U switch in the shebang line in /usr/sbin/MailScanner.

This switch, to my understanding, turns fatal taint errors into warnings, 
but I'm still looking for a definitive fix.

Hope this info saves someone else some night work hours.

Best regards

Alessandro Bianchi

-- 
This message has been scanned for viruses and
dangerous content by SkyNet SRL, and
was found not to be infected.
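
The following is an added example, not part of the original post and not MailScanner code: a minimal Perl script that reproduces the "Insecure dependency in mkdir" error under -T and shows the usual alternative to disabling the check, which is validating the value with an allow-list regex capture. The sample names, the base directory and the `untaint_name` helper are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not MailScanner code). Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input. A zero-length substring of $0/$^X carries the taint
# flag, standing in for a name read from a queue file or a message.
my $taint = substr("$0$^X", 0, 0);
my @names = map { $_ . $taint } ('msg-1234.tnef', '../escape');

# Built only from literals and $$, so this path is not tainted.
my $base = "/tmp/taint-demo.$$";
mkdir($base, 0700) or die "mkdir $base: $!";

# Accept a plain file name only: no slashes, no leading dot, bounded length.
# The regex capture is what clears the taint flag, so the pattern has to be
# a real allow-list; capturing /(.*)/ would defeat the check.
sub untaint_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

for my $name (@names) {
    my $path = "$base/$name";    # taint propagates into the joined path
    printf "%-16s tainted=%d\n", $name, tainted($path) ? 1 : 0;

    # Unvalidated: taint mode aborts the call with the error seen in the logs.
    my $ok = eval { mkdir($path, 0700); 1 };
    print "  raw:     $@" unless $ok;

    # Validated: the captured value is untainted and mkdir is allowed.
    my $clean = untaint_name($name);
    if (!defined $clean) {
        print "  rejected by allow-list\n";
        next;
    }
    mkdir("$base/$clean", 0700) or die "mkdir $base/$clean: $!";
    print "  created: $base/$clean\n";
    rmdir "$base/$clean";
}
rmdir $base;
```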