Taint issues on 4.85.2-1

Jerry Benton jerry.benton at mailborder.com
Tue Apr 21 08:05:56 UTC 2015


Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm  ?

-
Jerry Benton
www.mailborder.com



> On Apr 21, 2015, at 4:04 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
> 
> Hi Jerry,
>  
> Here is the top of the file
>  
> #
>  
> package IO::File;
>  
> =head1 NAME
>  
> IO::File - supply object methods for filehandles
>  
> =head1 SYNOPSIS
>  
>     use IO::File;
>  
>     $fh = new IO::File;
>     if ($fh->open("< file")) {
>         print <$fh>;
>         $fh->close;
>     }
>  
>     $fh = new IO::File "> file";
>     if (defined $fh) {
>         print $fh "bar\n";
>         $fh->close;
>     }
>  
>     $fh = new IO::File "file", "r";
>     if (defined $fh) {
>         print <$fh>;
>         undef $fh;       # automatically closes the file
>     }
>  
>     $fh = new IO::File "file", O_WRONLY|O_APPEND;
>     if (defined $fh) {
>         print $fh "corge\n";
>  
>         $pos = $fh->getpos;
>         $fh->setpos($pos);
>  
>         undef $fh;       # automatically closes the file
>     }
>  
>     autoflush STDOUT 1;
>  
> =head1 DESCRIPTION
>  
> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: 13 April 2015 15:26
> To: MailScanner Discussion
> Subject: Re: Taint issues on 4.85.2-1
>  
> I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so.
> 
> -
> Jerry Benton
> www.mailborder.com
>  
>  
>  
> On Apr 9, 2015, at 4:22 AM, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
>  
>  
> Installed this version on my development environment on CentOS 6.6 and then run debug and I get a load of taint errors
>  
> MailScanner --debug
>  
>  
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> pyzor: check failed: internal error, python traceback seen in response
> Building a message batch to scan...
> Have a batch of 10 messages.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
>  
>  
> Checked and /usr/sbin/MailScanner has the -U switch in it so it shouldn’t have this issue… Suggestions?
>  
> Jason
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner