You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Mark Martinec <Ma...@ijs.si> on 2010/02/02 01:25:48 UTC

Re: SA 3.3.0 spamassassin taint issue

Russ,

> I have not gotten this into the bugzilla, but ... as it appears 
> a 3.3 release is imminent, I though I should mention seeing 
> this in my log files:
>
> I am getting this:
>   Jan 20 18:17:40 vm049244181 spamd[14023]: spamd:
>   Insecure dependency in chown while running with -T switch
>   at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm
>   line 1934,
>
> which is:
>       if (($< == 0) && ($> == 0) && defined($user)) { # chown  it
>         my ($uid,$gid) = (getpwnam($user))[2,3];
>         unless (chown($uid, $gid, $fname)) {
>           warn "config: couldn't chown $fname to $uid:$gid for $user: $!\n";
>         }

The issue is now tracked as:
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6313

and a patch is available there. Thanks for your report!

  Mark