Taint issues on 4.85.2-1
Jason Ede
J.Ede at birchenallhowden.co.uk
Thu Apr 23 08:54:30 UTC 2015
Ok, looking through the MailScanner.pm file…
When in debug mode it’s complaining around line 1100 when it calls
$batch->Explode($Debug);
That triggers one line containing
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185, <$fh> line 4.
For each message in the batch.
Also around line 1250 where it does
$batch->SignUninfected();
I get
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/IO/File.pm line 185.
for each message in the batch…
Hopefully that will help narrow it down a bit…
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 23 April 2015 09:13
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1
Hi Jerry,
Did you get the IO::File.pm file? The version of it is 1.14
Will look at it a bit more from here…
It’s the same on my production box and that is ok on an older version of MailScanner.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason Ede
Sent: 21 April 2015 09:17
To: MailScanner Discussion
Subject: RE: Taint issues on 4.85.2-1
Emailed you the file directly.
Jason
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 April 2015 09:06
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
Mmmmm … not going to do it. Can you send me /usr/lib64/perl5/IO/File.pm ?
-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>
On Apr 21, 2015, at 4:04 AM, Jason Ede <J.Ede at birchenallhowden.co.uk<mailto:J.Ede at birchenallhowden.co.uk>> wrote:
Hi Jerry,
Here is the top of the file
#
package IO::File;
=head1 NAME
IO::File - supply object methods for filehandles
=head1 SYNOPSIS
use IO::File;
$fh = new IO::File;
if ($fh->open("< file")) {
print <$fh>;
$fh->close;
}
$fh = new IO::File "> file";
if (defined $fh) {
print $fh "bar\n";
$fh->close;
}
$fh = new IO::File "file", "r";
if (defined $fh) {
print <$fh>;
undef $fh; # automatically closes the file
}
$fh = new IO::File "file", O_WRONLY|O_APPEND;
if (defined $fh) {
print $fh "corge\n";
$pos = $fh->getpos;
$fh->setpos($pos);
undef $fh; # automatically closes the file
}
autoflush STDOUT 1;
=head1 DESCRIPTION
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 13 April 2015 15:26
To: MailScanner Discussion
Subject: Re: Taint issues on 4.85.2-1
I believe this is a perl-IO-File thing and not a MailScanner thing. Can you send the head of that file? First 20 lines or so.
-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>
On Apr 9, 2015, at 4:22 AM, Jason Ede <J.Ede at birchenallhowden.co.uk<mailto:J.Ede at birchenallhowden.co.uk>> wrote:
Installed this version on my development environment on Centos 6.6 and then run debug and I get a load of taint errors
MailScanner --debug
In Debugging mode, not forking...
Trying to setlogsock(unix)
pyzor: check failed: internal error, python traceback seen in response
Building a message batch to scan...
Have a batch of 10 messages.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185, <$fh> line 4.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Insecure dependency in open while running with -T switch at /usr/lib64/perl5/IO/File.pm line 185.
Checked and /usr/sbin/MailScanner has the –U switch in it so it shouldn’t have this issue… Suggestions?
Jason
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150423/55446fb6/attachment-0001.html>
More information about the MailScanner
mailing list