Lock.PM insecure with -T switch

Martin Hepworth maxsec at gmail.com
Wed Jun 22 15:26:50 IST 2011


Or indeed if people are willing to get their hands in their pockets and
sponsor Julian to do this or buy him something nice from his Amazon list he
may have a little more incentive to do this.
(Assuming he's not playing with his new pet zend.to :-)

-- 
Martin Hepworth
Oxford, UK


On 21 June 2011 20:08, Peter Bonivart <bonivart at opencsw.org> wrote:

> On Tue, Jun 21, 2011 at 8:42 PM, Stuart Henderson <stu at spacehopper.org>
> wrote:
> > "really" untainting would be something more than the
> >
> > $foo =~ /^(.*)$/;
> > $foo = $1;
> >
> > and similar you see everywhere... running with -U or su'ing
> > to the "Run as user" before starting MailScanner isn't really any
> > worse than this.
>
> I agree with you and I don't suggest that the people who have trouble
> with this should fix this for Julian but if others are capable of
> writing, e.g., advanced custom functions and debugging Postfix support
> I think they are capable of properly untainting at least some of the
> code. It was just an open invitation without targeting anyone
> specific.
>
> It comes to a point when you answer the same question x amount of
> times you realize that if you fixed the source of the problem instead
> you would have saved time. :)
>
> /peter
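The blanket regex Stuart quotes above, side by side with a whitelist untaint, as an added Perl example that is not from this thread or from MailScanner; it constructs its own tainted inputs by appending an empty substring of %ENV (always tainted under -T) and assumes the core module Scalar::Util is available. Run it with `perl -T untaint_demo.pl`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# The blanket "untaint" quoted in the thread: /^(.*)$/ matches anything,
# so Perl clears the taint flag without the value ever being checked.
sub untaint_blanket {
    my ($value) = @_;
    $value =~ /^(.*)$/;
    return $1;
}

# A real untaint: accept only what this code actually expects (here a
# plain file basename) and refuse everything else instead of passing it on.
sub untaint_basename {
    my ($value) = @_;
    if ($value =~ /^([\w.-]+)$/ && $1 ne '.' && $1 ne '..') {
        return $1;    # capture is untainted because the pattern is strict
    }
    die "refusing to untaint '$value'\n";
}

# Constructed inputs. Under -T, string literals are clean, so an empty
# substring of the tainted $ENV{PATH} is appended to taint them (assumes
# PATH is set in the environment).
my $taint  = substr($ENV{PATH}, 0, 0);
my @inputs = ('report.txt', '../../etc/passwd', 'file; rm -rf /');

for my $raw (@inputs) {
    my $in      = $raw . $taint;
    my $blanket = untaint_blanket($in);
    my $strict  = eval { untaint_basename($in) };
    printf "%-22s blanket => '%s' (tainted=%d)   strict => %s\n",
        "'$raw'", $blanket, tainted($blanket) ? 1 : 0,
        defined $strict ? "'$strict'" : 'REJECTED';
}
```

Every input comes out of untaint_blanket with the taint flag cleared, including the path traversal and the shell metacharacters, while untaint_basename accepts only report.txt.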