Released fix for taint errors

Julian Field MailScanner at ecs.soton.ac.uk
Mon Jun 27 09:27:55 IST 2011



On 27/06/2011 08:35, John Wilcock wrote:
> On 25/06/2011 22:14, Jules Field wrote:
>> I have just released version 4.84.1 beta, which I hope will avoid the
>> taint errors that have been plaguing people running new versions of 
>> Perl.
>>
>> Please let me know how you get on.
>>
>> Sorry for the lack of contact, I've been really busy at work and some
>> other stuff isn't going too well right now.
>>
>> Many thanks to all of you for providing support for users despite my
>> absence, it is very much appreciated!
>
> Hi Jules,
>
> Firstly, good luck with the "other stuff".
Thanks. It's vaguely medical inevitably... At least it doesn't involve 
anyone else :)
>
> Secondly, thanks for this fix. You're nearly there, but there are a 
> few left I'm afraid:
>
>> Insecure dependency in open while running with -T switch at 
>> /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185, 
>> <$fh> line 6.
>> Insecure dependency in open while running with -T switch at 
>> /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185.
Not sure quite how to fix this one as it doesn't tell me where I am 
calling File.pm from. :-(
>> Insecure dependency in chown while running with -T switch at 
>> /usr/lib/MailScanner/MailScanner/Message.pm line 1381.
>> Insecure dependency in chown while running with -T switch at 
>> /usr/lib/MailScanner/MailScanner/Message.pm line 1381.
>> Insecure dependency in chown while running with -T switch at 
>> /usr/lib/MailScanner/MailScanner/Message.pm line 1381.
Replace line 1381 with these 4 lines:
       $tempid = $this->{id};
       $tempid =~ /^(.*)$/;
       $tempid = $1;
       chown $uid, $gid, "$spamdir/" . $tempid; # Harmless if this fails

and then let me know if that gets rid of that one.

If you can possibly track down where the File.pm error comes from, it 
would be a great help. Unfortunately it's in the "open()" function, 
which opens a file. Something MailScanner does rather a lot of!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

'All programs have a desire to be useful' - Tron, 1982
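
Added example (not part of the original message and not MailScanner code): a Perl script for taint mode that shows two things relevant to this thread. A $SIG{__DIE__} handler using Carp::confess makes an "Insecure dependency" error report the full call chain instead of only the line inside the library, and an ID is untainted by matching it against an allow-list pattern and checking that the match succeeded. The ID pattern, the sample IDs and the $spamdir path are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not MailScanner code. Run as: perl -T this_script.pl
# The ID pattern, sample IDs and $spamdir below are assumptions.
use strict;
use warnings;
use Carp ();
use Scalar::Util qw(tainted);

# Turn every fatal error, including "Insecure dependency in ...", into a
# full stack trace, so the caller of a library routine becomes visible.
$SIG{__DIE__} = \&Carp::confess;

# Untaint by validating: only a successful match against an allow-list
# pattern yields $1. Returns undef on mismatch, so a stale $1 from an
# earlier match can never be used by accident.
sub untaint_id {
    my ($id) = @_;
    return defined $id && $id =~ /\A([A-Za-z0-9][A-Za-z0-9._-]*)\z/ ? $1 : undef;
}

my $TAINT   = substr($^X, 0, 0);             # zero-length but tainted string
my $spamdir = "/var/spool/example-quarantine";   # hypothetical directory

for my $raw ("p5R7ZtQx012345", "../../etc/passwd") {   # constructed sample IDs
    my $id = $raw . $TAINT;                  # simulate an ID from untrusted input

    # The taint check fires before the system call is attempted, so the
    # path does not need to exist to reproduce the error.
    my $ok = eval { chown -1, -1, "$spamdir/$id"; 1 };
    print "chown with tainted id died, trace follows:\n$@\n" unless $ok;

    my $clean = untaint_id($id);
    if (!defined $clean) {
        warn "rejecting id '$raw': does not match the expected pattern\n";
        next;
    }
    chown -1, -1, "$spamdir/$clean";         # -1 leaves owner/group unchanged
    printf "id %s accepted, tainted=%d\n", $clean, tainted($clean) ? 1 : 0;
}
```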

