[Baruwa] MailScanner rpm packages now in Baruwa repo

[John Wilcock]

Le 11/08/2011 14:16, Andrew Colin Kissa a écrit :
> I have not come across any other taint issue, John please indicate what triggers
> the taint issues you have on 5.12.3 as am not picking them up on 5.12.4

I had the following with MS 4.84.1-1 on perl 5.12.3:

> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185, <$fh> line 6.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185.
> Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381.

Julian gave me a fix for Message.pm line 1381:

+ my $tempid = $this->{id};
+ $tempid =~ /^(.*)$/;
+ $tempid = $1;
+ chown $uid, $gid, "$spamdir/" . $tempid; # Harmless if this fails
- chown $uid, $gid, "$spamdir/" . $this->{id}; # Harmless if this fails

However I was unable to track down the *open* problems in IO::File, as 
there are dozens of open() calls in MailScanner.

If I get time I'll try upgrading to 5.12.4 and see if that changes 
anything...

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr