Lock.PM insecure with -T switch

Stuart Henderson stu at spacehopper.org
Tue Jun 21 19:42:53 IST 2011


On 2011-06-21, Peter Bonivart <bonivart at opencsw.org> wrote:
> On Tue, Jun 21, 2011 at 5:13 PM, Peter Bonivart <bonivart at opencsw.org> wrote:
>> Since so many of you seem to have a "problem" with this, can't one of
>> you contribute a patch to Julian?
>
> Just to clarify, with patch I don't mean to just add -U :) but to
> really untaint all those references.

"really" untainting would be something more than the

$foo =~ /^(.*)$/;   # matches any single-line value, so nothing is actually checked
$foo = $1;          # $1 is untainted regardless of what $foo contained

and similar you see everywhere... running with -U or su'ing
to the "Run as user" before starting MailScanner isn't really any
worse than this.
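An added example, not code from this thread or from MailScanner, that makes the point concrete under perl -T: the blanket /^(.*)$/ idiom beside an untaint that validates the value, with Scalar::Util::tainted showing that both results pass the taint check. The $taint trick (an empty substring of a tainted %ENV value) and the two sample inputs are constructed for the demo.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread or from MailScanner.
# Run as: perl -T untaint_demo.pl   (the shebang -T must match the command line)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed "external" data: under -T, %ENV is tainted, and an empty
# substring of a tainted scalar is still tainted, so appending it taints any
# string we build inline (stands in for data read from argv, a socket, a file).
my $taint  = substr(join('', values %ENV), 0, 0);
my @inputs = ('report.txt', '../../etc/passwd');   # constructed sample values

# The idiom from the thread: /^(.*)$/ matches any single-line value, so $1
# satisfies Perl's taint check while nothing about the value has been verified.
sub untaint_blanket {
    my ($v) = @_;
    return undef unless $v =~ /^(.*)$/;
    return $1;
}

# A real untaint: accept only the shape the program can safely use (here a bare
# file name: word characters, dots and dashes, no path separators) and reject
# everything else instead of laundering it.
sub untaint_filename {
    my ($v) = @_;
    return undef unless $v =~ /^([\w.-]+)$/;
    return $1;
}

for my $raw (@inputs) {
    my $v = $raw . $taint;                  # now tainted, like real input
    die "setup error: run under perl -T with a non-empty environment\n"
        unless tainted($v);

    my $b = untaint_blanket($v);
    my $f = untaint_filename($v);

    printf "%-20s blanket -> %s (tainted=%d)   validating -> %s\n",
        "'$raw'",
        defined $b ? "'$b'" : 'REJECTED',
        (defined $b && tainted($b)) ? 1 : 0,
        defined $f ? "'$f'" : 'REJECTED';
}
```

Both untaint routines hand back values that -T no longer flags, but only untaint_filename rejects the traversal-style input; taint mode only tells you a check is missing, and the regex decides whether that check is real.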
