You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Mark Martinec <Ma...@ijs.si> on 2010/02/02 01:25:48 UTC
Re: SA 3.3.0 spamassassin taint issue
Russ,
> I have not gotten this into the bugzilla, but ... as it appears
> a 3.3 release is imminent, I though I should mention seeing
> this in my log files:
>
> I am getting this:
> Jan 20 18:17:40 vm049244181 spamd[14023]: spamd:
> Insecure dependency in chown while running with -T switch
> at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm
> line 1934,
>
> which is:
> if (($< == 0) && ($> == 0) && defined($user)) { # chown it
> my ($uid,$gid) = (getpwnam($user))[2,3];
> unless (chown($uid, $gid, $fname)) {
> warn "config: couldn't chown $fname to $uid:$gid for $user: $!\n";
> }
The issue is now tracked as:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6313
and a patch is available there. Thanks for your report!
Mark