[Baruwa] MailScanner rpm packages now in Baruwa repo
John Wilcock
john at tradoc.fr
Thu Aug 11 15:44:33 IST 2011
Le 11/08/2011 14:16, Andrew Colin Kissa a écrit :
> I have not come across any other taint issue, John please indicate what triggers
> the taint issues you have on 5.12.3 as am not picking them up on 5.12.4
I had the following with MS 4.84.1-1 on perl 5.12.3:
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185, <$fh> line 6.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185.
> Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381.
Julian gave me a fix for Message.pm line 1381:
+ my $tempid = $this->{id};
+ $tempid =~ /^(.*)$/;
+ $tempid = $1;
+ chown $uid, $gid, "$spamdir/" . $tempid; # Harmless if this fails
- chown $uid, $gid, "$spamdir/" . $this->{id}; # Harmless if this fails
However I was unable to track down the *open* problems in IO::File, as
there are dozens of open() calls in MailScanner.
If I get time I'll try upgrading to 5.12.4 and see if that changes
anything...
John.
--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
More information about the MailScanner
mailing list