Taint problems

Bill McGonigle bill at bfccomputing.com
Wed Apr 27 01:58:19 IST 2011


On 04/20/2011 06:48 AM, Alessandro Bianchi wrote:

> Till now, after several hours, the only way I found to run MS is
> adding the -U switch in the shebang line in /usr/sbin/MailScanner.
>
> This switch, to my understanding, turns fatal taint errors into warnings,
> but I'm still looking for a definitive fix.
>
> Hope to save some night work hours to someone else with this info.

You sure did, thanks, Alessandro!

These are the ones I'm seeing:

Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358.
Insecure dependency in open while running with -T switch at /usr/lib/perl5/IO/File.pm line 185, <$fh> line 44.
Insecure dependency in chdir while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 2415.
Insecure dependency in open while running with -T switch at /usr/lib/MailScanner/MailScanner/Lock.pm line 358.

perl -v says:
   This is perl, v5.10.1 (*) built for i386-linux-thread-multi

It came in:
   Apr 24 03:23:18 Updated: 4:perl-5.10.1-123.fc13.i686

This is on a Fedora 13 box.  Others mentioned what a disaster
Fedora is for MailScanner, but from experience I can say this is the
first system-related problem I've seen on a MailScanner box since Red Hat
9 (having upgraded through ~12 Fedora releases since).  Besides, this
box is slated to migrate to the stable CentOS 6, which also carries
perl-5.10.

It looks like taint errors in some of the same places were fixed in 
4.79.11-1.  I haven't yet diffed the two source trees to see what was done.

-Bill

-- 
Bill McGonigle, Owner
BFC Computing, LLC
http://bfccomputing.com/
Telephone: +1.603.448.4440
Email, IM, VOIP: bill at bfccomputing.com
VCard: http://bfccomputing.com/vcard/bill.vcf
Social networks: bill_mcgonigle/bill.mcgonigle
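
The "Insecure dependency in chdir/open" errors reported above come from Perl's taint mode refusing a value that arrived from outside the program. The sketch below is an added example, not code from this message or from MailScanner: it reproduces the chdir error and shows the validate-then-capture pattern that clears taint instead of suppressing the check with -U. The helper name untaint_path and its allowed character set are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not MailScanner code. Run as: perl -T taint_demo.pl [directory]
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: return an untainted copy of $path, or die.
sub untaint_path {
    my ($path) = @_;
    die "no path given\n" unless defined $path && length $path;
    die "refusing '..' component in $path\n" if $path =~ m{(?:^|/)\.\.(?:/|$)};
    # Only a regex capture clears taint, so the pattern is the real policy:
    # absolute path, conservative character set, anchored at both ends.
    $path =~ m{\A(/[A-Za-z0-9_.\-/]+)\z} or die "unsafe path: $path\n";
    return $1;
}

# Constructed input: a command-line argument if given, otherwise "/tmp" with
# taint borrowed from the environment (a zero-length tainted substring).
my $raw = @ARGV ? $ARGV[0] : '/tmp' . substr(join('', %ENV), 0, 0);
printf "raw value tainted:       %s\n", tainted($raw) ? 'yes' : 'no';

# Direct use reproduces "Insecure dependency in chdir while running with -T".
eval { chdir $raw or die "chdir: $!\n"; 1 }
    or print "direct chdir refused:    $@";

# Validate first, then use the captured copy.
my $clean = untaint_path($raw);
printf "validated value tainted: %s\n", tainted($clean) ? 'yes' : 'no';
chdir $clean or die "chdir $clean: $!\n";
print "chdir to $clean succeeded\n";
```

The same rule applies to open for writing or appending: the filename must be an untainted capture before it reaches the call.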

