Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/12/31 17:55:46 UTC
[Bug 5932] audit SA for use of File::Path::rmtree() due to security bug
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5932
Justin Mason <jm...@jmason.org> changed:
What       | Removed | Added
-----------|---------|---------
Status     | NEW     | RESOLVED
Resolution |         | FIXED
--- Comment #1 from Justin Mason <jm...@jmason.org> 2008-12-31 08:55:46 PST ---
checked in on trunk:
: 33...; svn commit -m "bug 5932: replace trivial File::Path::rmtree usage with
simple 'rm -rf' command lines to avoid File::Path security bug (CPAN bug#
36982). we still have other usage of rmtree(), but it's all in the test suite
rather than runtime code"
Sending sa-compile.raw
Sending spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm
Transmitting file data ..
Committed revision 730414 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=730414 ).
here's the diff:
: 31...; svn diff
Index: spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm
===================================================================
--- spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm (revision
730413 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=730413 ))
+++ spamd-apache2/lib/Mail/SpamAssassin/Spamd/Apache2/Config.pm (working copy)
@@ -450,7 +450,7 @@
$ENV{HOME} = $tmphome;
$sa->compile_now(0, 1);
delete $ENV{HOME};
- File::Path::rmtree($tmphome);
+ system("rm -rf '$tmphome'");
$Mail::SpamAssassin::Spamd::Apache2::spamtest = $sa;
Mail::SpamAssassin::Spamd::backup_config($sa);
}
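Review bot: `+ system("rm -rf '$tmphome'");` still hands the path to a shell, so a `$tmphome` value containing a single quote would terminate the quoting and the rest of the value would be parsed as shell syntax; the list form `system('rm', '-rf', '--', $tmphome)` passes the path as one argument with no shell involved and `--` stops option parsing. The return value of `system` is also not checked here, so a cleanup that fails (for example on a permission error under the temporary home) goes unnoticed; consider `system(...) == 0 or warn "rm -rf $tmphome failed: $?";`.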
Index: sa-compile.raw
===================================================================
--- sa-compile.raw (revision 730413 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=730413 ))
+++ sa-compile.raw (working copy)
@@ -376,13 +376,14 @@
our $PATH = $modname;
$PATH =~ s/::/-/g;
+ $PATH =~ s/[^-_A-Za-z0-9\.]/_/g;
our $PMFILE = $modname;
$PMFILE =~ s/.*:://;
$PMFILE .= ".pm";
our $XSFILE = $PMFILE;
$XSFILE =~ s/\.pm$/.xs/;
- $force and rmtree $PATH;
+ $force and system("rm -rf $PATH");
mkdir $PATH or (!$force and die "mkdir($PATH): $!");
chdir $PATH;
if (!$quiet) { print "cd $PATH\n" or die "error writing: $!" }
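Review bot: `+ $force and system("rm -rf $PATH");` leaves `$PATH` unquoted, so its safety rests entirely on the new `$PATH =~ s/[^-_A-Za-z0-9\.]/_/g;` substitution above; that character class keeps `-`, so a value beginning with `-` would be parsed by `rm` as an option rather than a path. The list form `system('rm', '-rf', '--', $PATH)` takes the shell out of the picture and ends option parsing before the path. The exit status is also unchecked, and the following `mkdir $PATH or (!$force and die ...)` only dies when `$force` is false, so a failed removal followed by a failed mkdir would continue silently into `chdir $PATH`. One readability point: `our $PATH` is a package variable unrelated to `$ENV{PATH}`, which is easy to misread next to a shell command; a name such as `$BUILDDIR` would avoid the confusion.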
Neither of these were exploitable AFAICT, so no need to backport.