You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by PGNet Dev <pg...@gmail.com> on 2020/06/11 16:19:11 UTC
Mail::SpamAssassin::Plugin::DCC error on spamd start: util: refusing
to untaint suspicious path: "${exec_prefix}/lib" ?
i've built & installed a new instance of
spamd -V
SpamAssassin Server version 3.4.4
running on Perl 5.26.1
with SSL support (IO::Socket::SSL 2.067)
with zlib support (Compress::Zlib 2.093)
running on linux/64.
systemctl status spamd -ln0
● spamd.service - Spamassassin daemon
Loaded: loaded (/etc/systemd/system/spamd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-06-11 08:37:30 PDT; 8min ago
Main PID: 45508 (spamd)
Tasks: 3
CGroup: /system.slice/spamd.service
├─45508 /usr/bin/perl -w /usr/bin/spamd --ipv4-only --nouser-config --listen=/run/spamd/spamd.sock --pidfile=/run/spamd/spamd.pid --username=spamd --groupname=spamd --socketowner=spamd --socketgroup=spamd --socketmode=666 --allow-tell
├─45574 spamd child
└─45575 spamd child
it's working well enough; tho, on spamd restart, I see in logs,
Jun 11 08:06:49 mx spamd[10742]: util: refusing to untaint suspicious path: "${exec_prefix}/lib"
commenting out,
v310.pre
- loadplugin Mail::SpamAssassin::Plugin::DCC
+ loadplugin Mail::SpamAssassin::Plugin::DCC
eliminates the error.
here, per
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/SingleUserUnixInstall#SingleUserUnixInstall-DCCsupport
DCC is built/installed,
wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar zxvf dcc.tar.Z
cd dcc-2.3.167
./configure \
--disable-server \
--disable-dccm \
--disable-dccifd
make
make install
which dccproc
/usr/local/bin/dccproc
dccproc -V
2.3.167
and, in SA local.cf,
ifplugin Mail::SpamAssassin::Plugin::DCC
use_dcc 1
dcc_home /var/dcc
dcc_path /usr/local/bin/dccproc
endif
DCC checks appear to exec/hit on inbound SA scans ...
is that
util: refusing to untaint suspicious path
an issue, or noise ?
Re: Mail::SpamAssassin::Plugin::DCC error on spamd start: util: refusing to untaint suspicious path: "${exec_prefix}/lib" ?
Posted by Nix <ni...@esperi.org.uk>.
On 11 Jun 2020, PGNet Dev outgrape:
> for anyone interested, it appears the config, as advised, is a bit of a mess
>
> using _explicit_ config of
>
> ./configure \
> --with-installroot=/ \
> --mandir=/usr/local/man \
> --bindir=/usr/local/bin \
> --libexecdir=/usr/local/libexec/dcc \
> --homedir=/var/lib/dcc \
Yeah, the dcc configure script is directly substituting $libexecdir etc
into the output, which isn't going to work unless the output is a
makefile or something else that can do shell-like variable substitution.
The right fix here is to repeatedly eval the variable (in configure.ac)
and only substitute it when all the $'s have gone away. (And perhaps
threshold it so that if they don't go away configure aborts and tells
you not to use self-referential variables :) ).
This is a surprisingly common autoconf error: I must have fixed it in
dozens of packages so far (but not yet DCC).
Re: Mail::SpamAssassin::Plugin::DCC error on spamd start: util:
refusing to untaint suspicious path: "${exec_prefix}/lib" ?
Posted by PGNet Dev <pg...@gmail.com>.
On 6/11/20 9:19 AM, PGNet Dev wrote:
> DCC is built/installed,
>
> wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
> tar zxvf dcc.tar.Z
> cd dcc-2.3.167
> ./configure \
> --disable-server \
> --disable-dccm \
> --disable-dccifd
> make
> make install
>
> which dccproc
> /usr/local/bin/dccproc
> dccproc -V
> 2.3.167
for anyone interested, it appears the config, as advised, is a bit of a mess
using _explicit_ config of
./configure \
--with-installroot=/ \
--mandir=/usr/local/man \
--bindir=/usr/local/bin \
--libexecdir=/usr/local/libexec/dcc \
--homedir=/var/lib/dcc \
--with-uid=spamd \
--disable-server \
--disable-dccm \
--disable-dccifd
with
local.cf
...
ifplugin Mail::SpamAssassin::Plugin::DCC
use_dcc 1
dcc_home /var/lib/dcc
dcc_path /usr/local/bin/dccproc
endif
...
fixes the issue.