Posted to users@spamassassin.apache.org by Henk van Lingen <he...@cs.uu.nl> on 2006/11/30 11:43:14 UTC
sa-update / taint error
Hi,
Whenever I try to run sa-update, it ends with the error:
sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A
...
[14411] dbg: generic: unlinking 10_misc.cf
Insecure dependency in unlink while running with -T switch at /usr/bin/sa-update line 1173.
I'm not a Perl wizard. Untainting $path doesn't help.
What can be the problem?
dawn:mail/spamassassin-# rpm -qf `which sa-update`
spamassassin-3.1.7-1.el3.rf
Regards,
--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2534107 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
Re: sa-update / taint error
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Henk van Lingen wrote:
> Hi Daryl,
>
> I restored my situation from two days ago, and the problem returned.
> Your patch seems to fix the problem.
Thanks for confirming the fix, Henk. Fixed in the 3.1 branch (3.1.8) and
trunk.
Daryl
Re: sa-update / taint error
Posted by Henk van Lingen <he...@cs.uu.nl>.
On Thu, Nov 30, 2006 at 01:44:32PM -0500, Daryl C. W. O'Shea wrote:
> >
> > Hm, I've run sa-update without -T today, and now I can't reproduce
> > the problem :-( Maybe because there are no updates anymore...
>
> You removed the "-T" from the first line of sa-update? Perl won't
> complain about tainted variables without it.
Exactly, but I had to fix the updates.
> Just rm /var/lib/spamassassin/updates.spamassassin.org* (or wherever
> your updates are stored) so you can download the same update again.
>
>
> > Maybe tomorrow (when back at the office) I can reproduce yesterday's
> > situation.
>
> Please follow up in bug 5216 or at least to the list (and copy me) as
> soon as you can.
Hi Daryl,
I restored my situation from two days ago, and the problem returned.
Your patch seems to fix the problem.
Thanks,
--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2534107 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
Re: sa-update / taint error
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Henk van Lingen wrote:
> On Thu, Nov 30, 2006 at 11:55:36AM -0500, Daryl C. W. O'Shea wrote:
> > Henk van Lingen wrote:
> >
> > >[14411] dbg: generic: unlinking 10_misc.cf
> > >Insecure dependency in unlink while running with -T switch at
> > >/usr/bin/sa-update line 1173.
> >
> > Please try the attached patch and *please* let me know if it resolves
> > the problem.
> >
> > + local ($1); # prevent random taint flagging
>
> Hm, I've run sa-update without -T today, and now I can't reproduce
> the problem :-( Maybe because there are no updates anymore...
You removed the "-T" from the first line of sa-update? Perl won't
complain about tainted variables without it.
Just rm /var/lib/spamassassin/updates.spamassassin.org* (or wherever
your updates are stored) so you can download the same update again.
> Maybe tomorrow (when back at the office) I can reproduce yesterday's
> situation.
Please follow up in bug 5216 or at least to the list (and copy me) as
soon as you can.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5216
Thanks,
Daryl
Re: sa-update / taint error
Posted by Henk van Lingen <he...@cs.uu.nl>.
On Thu, Nov 30, 2006 at 11:55:36AM -0500, Daryl C. W. O'Shea wrote:
> Henk van Lingen wrote:
>
> >[14411] dbg: generic: unlinking 10_misc.cf
> >Insecure dependency in unlink while running with -T switch at
> >/usr/bin/sa-update line 1173.
>
> Please try the attached patch and *please* let me know if it resolves
> the problem.
>
> + local ($1); # prevent random taint flagging
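Review bot: the comment on the added "local ($1);" line, "prevent random taint flagging", does not say where the taint on $1 comes from or which call it is meant to protect. Going by the quoted error, that call is the unlink at /usr/bin/sa-update line 1173, so the comment should name it along with whatever earlier match leaves $1 tainted. Only this one "+" line of the attached patch is quoted here, so the scope that the local covers cannot be checked from the thread.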
Hm, I've run sa-update without -T today, and now I can't reproduce
the problem :-( Maybe because there are no updates anymore...
Maybe tomorrow (when back at the office) I can reproduce yesterday's
situation.
Regards,
--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2534107 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
Re: sa-update / taint error
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Henk van Lingen wrote:
> [14411] dbg: generic: unlinking 10_misc.cf
> Insecure dependency in unlink while running with -T switch at /usr/bin/sa-update line 1173.
Please try the attached patch and *please* let me know if it resolves
the problem.
Daryl